Know Your Customer Limited Tel +353 1-2440669 6/F, Wyndham Place40-44 Wyndham St., CentralHong Kong https://www.knowyourcustomer.com [email protected] Know Your Customer Limited INFRASTRUCTURE & SECURITY OVERVIEW (IS) V1 Overview of KYC basic infrastructure, security and implementation, policies and practices.

Post on 22-May-2020


Know Your Customer Limited
Tel +353 1-2440669
6/F, Wyndham Place, 40-44 Wyndham St., Central, Hong Kong
https://www.knowyourcustomer.com [email protected]

Know Your Customer Limited INFRASTRUCTURE & SECURITY OVERVIEW (IS) V1

Overview of KYC basic infrastructure, security and implementation, policies and practices.

Table of Contents

General ____________________________________________________________________ 1

Definitions __________________________________________________________________ 2

Azure and KYC ______________________________________________________________ 3

KYC Infrastructure ____________________________________________________________ 4

Infrastructure details __________________________________________________________ 5

Security ____________________________________________________________________ 7

Monitor, Automation and Maintenance ____________________________________________ 9

Company Information ________________________________________________________ 12


Pg. 01

Infrastructure & Security (IS)

General

This Infrastructure and Security Overview for Know Your Customer Limited (this "IS") forms a part of your SaaS agreement (the "Agreement"), entered into with Know Your Customer Limited. Capitalized terms used but not defined in this IS will have the meaning assigned to them in the Agreement. This IS applies to the Know Your Customer Online Services listed herein (a "Service" or the "Services"), but does not apply to separately branded services made available with or connected to the Services or to any on-premises software that is part of any Service.

Pg. 02

Definitions

"KYC" Know Your Customer Limited.

"IaaS" an instant computing infrastructure, provisioned and managed over the Internet.

"Azure" Microsoft's public cloud computing platform, KYC's elected IaaS.

"API" application programming interface, or a set of clearly defined methods of communication between various software components.

"Incident" a circumstance which causes or may cause Downtime.

"Service Level" means the performance metric(s) set forth in this SLA that KYC agrees to meet in the delivery of the Services.

"Service Resource" means an individual resource available for use within a Service.

"Success Code" means an indication that an operation has succeeded, such as an HTTP status code in the 2xx range.

"Support Window" refers to the period of time during which a Service feature or compatibility with a separate product or service is supported.

"Customer" as defined in the SaaS Agreement.

Pg. 03

Azure and KYC

KYC uses Azure for its IaaS architecture.

Azure hosts the infrastructure components traditionally present in an on-premises data center, including servers, storage and networking hardware, as well as the virtualization or hypervisor layer, for all KYC operations.

Azure also supplies a range of services to accompany those infrastructure components, such as detailed billing, monitoring, log access, security, load balancing and clustering, as well as storage resiliency features such as backup, replication and recovery. These services are increasingly policy-driven, enabling us to implement greater levels of automation and orchestration for important infrastructure tasks.

Azure is therefore used for all our operations, mainly:

Test and development. Our teams can quickly set up and dismantle test and development environments, bringing new applications to production faster. Azure makes it quick and economical to scale dev-test environments up and down.

Website and app hosting. Running websites using IaaS can be less expensive than traditional web hosting.

Storage, backup, and recovery. KYC leverages Azure to avoid the capital outlay for storage and the complexity of storage management, while managing data and meeting legal and compliance requirements. Azure is also useful for handling unpredictable demand and steadily growing storage needs, and it simplifies planning and management of backup and recovery systems.

Web apps. Azure provides all the infrastructure to support our web apps, including storage, web and application servers, and networking resources. We are able to quickly deploy web apps on IaaS and easily scale infrastructure up and down when demand for the apps is unpredictable.

Pg. 04

KYC Infrastructure

A single customer deployment is an integrated solution made available on customer demand, composed of the following items:

- VCD (Virtual Compliance Desktop)
- VCD Upload Portal
- Integrated KYC API V2
- 3rd Party Integration Data Aggregator Service (for real-time company data retrieval)
- Identity Verification Checker (for individual ID verification)
- AML Updater (twice-a-day data refresh)
- Mobile App Integration

This infrastructure is deployed on demand and made available to a customer for testing and demonstration purposes before deploying in production.

Pg. 05

Infrastructure details

Auditing

KYC systems are backed up and certified under Azure SOC 1, 2 and 3. Audit reports can be provided for legal and regulatory requirements.

For specific audits, 3 types of logs can be provided:

- Control/Management Logs
- Data plane Logs
- Processed Events

Data Protection

KYC relies on the ISO/IEC 27001:2013 Information Security Management Standards for its data.

A GDPR compliance plan is underway, and we expect to have it completed and available to all our customers in 4Q 2017.

Code and Processes Certifications

KYC is undergoing implementation of CMMI (SCAMPI A Assessment).

Resilience

Applications, Services and APIs have auto scaling in place, scaling by CPU, Service Bus and Insights metrics. Currently auto scale is set to up to 10 instances of the original customer implementation, with a 5 min cooldown.

Databases, aside from auto scaling, have elastic pools for provisioning proper resource allocation for peaks.

All these values and configurations can be optimized to customer needs.

Pg. 06

Code base

KYC uses a best-practice git repository for its entire code base, with audited access. The code repository is periodically backed up and replicated for failsafe purposes.

Geographical Scalability

KYC can be set up in different geographic locations. It is in the final stage of localization / globalization to make the user interface available in languages other than English.

Disaster Recovery Plan

Business continuity and disaster recovery (BCDR) is set up for all KYC Services using Azure Recovery Services; a specific plan can be provided upon SaaS agreement.

Open Source Used in all Applications

Software                  License
Html Agility Pack (HAP)   MIT
PhantomJS                 BSD
Newtonsoft.Json           MIT
Log4Net                   Apache 2
OpenPop                   CC0 1.0

Pg. 07

Security

Identity and Authentication

VCD Web App – Each customer has a set of parametrized groups they can assign users to. Each group has a set of configurable permissions in the application.

User registration and authentication, as well as password recovery, are automated encrypted processes with no human intervention.

Authentication and identity processes are done using standard OWIN Authentication.

API – through a pair of REST access tokens, for both developer and customer, according to the OpenID standard.

Mobile App – Access is done through an access code generated in real time.

Sub Systems – Client certificates with OpenID when required.

Azure Layers – Native Azure Active Directory access.

Transport (TLS / SSL)

All interactions between KYC subsystems, clients and partners use SSL for communication security in all environments in which the systems operate.

Data at Rest

Storage systems use Azure Storage Service Encryption (SSE) for data at rest.

As an additional layer of security, in the last quarter of 2017 AES encryption for images and customer documents will be put in place for data at rest in storage systems.

Data backups can be provided on demand from Azure instances.

Pg. 08

Certifications

KYC systems, as part of Azure, follow the CSA STAR Certification at all 3 levels.

As part of this, penetration reports can be supplied under the US Federal Risk and Authorization Management Program (FedRAMP).

Pg. 09

Monitor, Automation and Maintenance

KYC systems are under constant monitoring. We use several techniques and technologies to monitor not only our infrastructure but also the performance of the entire system.

Azure Application Insights is used to monitor the health of all applications and services.

Splunk as well as Azure is used to monitor infrastructure availability.

Splunk is used to monitor the availability of specific services, such as jurisdiction data accessibility and email and SMS delivery.

Specific application telemetry is used in Splunk to monitor system exceptions.

Triggers are put in place to alert and monitor in real time both KYC staff and customers when needed.

Internal Realtime JIRA Monitoring System

The system produces real-time reports, exceptions and incidents to be resolved and fixed by the team as tasks in Atlassian JIRA.

Production incidents are automatically generated and prioritized in 3 levels for immediate resolution, as follows:

System Unavailability
  Maximum SysOps/Dev Response Time: 2hr
  Examples / Use Cases:
  • Apps or services are unavailable
  • User is unable to login

Level 1 - Customer is unable to continue working further and is blocked
  Maximum SysOps/Dev Response Time: 24hr
  Examples / Use Cases:
  • Customer is unable to create a Case
  • Customer is unable to get Reports

Level 2 - Customer has an issue but there is a workaround
  Maximum SysOps/Dev Response Time: 48hr
  Examples / Use Cases:
  • Customer is unable to send SMS, but can if using another Role
  • User is unable to login with a given user, but can if given another user

Pg. 10

Maintenance, Updates & hotfixes

Maintenance and releases are performed outside of business hours (Monday – Friday, 9AM to 5PM GMT) on a business day. A business day means any day other than a Saturday, Sunday or public holiday in the United Kingdom and Republic of Ireland.

Going forward, we are moving to a no-downtime implementation of our SDLC and Continuous Integration, which will allow faster releases and improved availability. This is expected to be implemented within the next quarter.

Notice of a maintenance window is communicated through several mechanisms.

In-solution alerts and notifications will give further details to all users, and major updates will be accompanied by emails. If a major update includes a change to the user workflow or a new feature, a document detailing the function and how to use it will be sent at least three days prior to the feature release.

In App Notifications & Monitoring

Real-time in-solution updates and notifications will notify users of technical issues or third-party provider outages that may impact their work. They will also be notified when the outages have ceased or been repaired.

Additionally, KYC provides a status page for the health of its systems at http://kycl.status.io.

Non-users of the KYC systems can subscribe to be automatically notified of systems availability.

Pg. 11

Major issues or outages that are expected to take longer than 3 hours to repair will be accompanied by an email to the company's point of contact detailing the issue and the steps being taken to resolve it.

If one of our third-party providers is experiencing technical issues or outages, status will be updated at http://status.knowyourcustomer.com

Additional SMS notifications can be requested.

Pg. 12

Company Information

Know Your Customer Limited
6/F, Wyndham Place, 40-44 Wyndham St.,
Central, Hong Kong
Tel +353 1-2440669
https://www.knowyourcustomer.com