FundOS — Security Overview (Summary)

Effective Date: 01-Oct-2025 • Version: 1.0
Contact: security@klub.ai

1. Governance & Risk

Our security program is risk-aligned and governed by policies covering access control, acceptable use, incident response, vendor management, and secure software development practices.

AI Governance: In alignment with DIFC Regulation 10 (“Reg-10”), FundOS maintains model/version inventories, evaluation summaries, output logging, change approvals, and proportionate testing for bias, accuracy, and material changes.

2. Access Management

Access controls are enforced through:

Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for console access
Least-privilege and role-based access principles
Periodic access reviews and automated deprovisioning workflows

3. Data Protection

Encryption in transit (TLS) and at rest, with key management via managed KMS
Segregated environments (production vs non-production)
Regular backups and verified restoration testing
Data minimisation, configurable retention, and secure deletion mechanisms

4. Application & AI Security

Secure Software Development Lifecycle (SDLC) with peer code review and vulnerability scanning
Dependency management and penetration testing at least annually
AI-Specific: Prompt-injection defences, input/output validation, adversarial testing, allow-listing for connectors, output filtering, and drift or abuse monitoring

5. Logging & Monitoring

Centralised logging and anomaly detection
Audit trails for administrative actions and sensitive data access
Time synchronisation across systems for event integrity

6. Incident Response

24×7 on-call response capability with defined triage, containment, eradication, and recovery steps
Post-incident reviews to identify improvements and prevent recurrence
Personal Data Breaches are notified to Controllers without undue delay and handled per DIFC DPL 2020 requirements

7. Business Continuity

High-availability infrastructure and disaster recovery mechanisms
Backups aligned to RPO/RTO objectives defined per Order or SLA
Regular resilience and failover testing

8. Sub-processors

FundOS performs due diligence and continuous monitoring of all Sub-processors. Each provider is contractually bound by equivalent security and privacy terms. Material changes to Sub-processors are communicated through the Sub-processor Register.