Information Security

Confidentiality, integrity and availability

Confluence is committed to sharing details of our Information Security Management System (ISMS) to provide assurances that the use of our products and services does not compromise the integrity or confidentiality of your data.

Boardroom meeting

Information security protection is comprised of a formal vulnerability management framework, security management processes, and organizational roles and responsibilities. The basis of the approach is to satisfy control objectives consistent with ISO/IEC 27001, SSAE 18 and generally accepted standards of information security, as applicable to the Confluence environment. Confluence’s ISMS addresses each of the three basic security dimensions (Integrity, Confidentiality, and Availability), to allow information to be shared appropriately in an efficient and effective manner by design and enable implementation of management, operational and technical security controls.

Confluence’s ISO 27001, SSAE18 (SOC1) and ISAE3402 certifications are designed to ensure we maintain the confidentiality, integrity and availability of our clients’ data, be it in digital or printed format, in transit or on-site at Confluence.
Confluence aims to maintain the highest levels of data security possible. Strong security begins with comprehensive security practices and requires continuous attention and improvement to ensure a consistent, repeatable, secure environment.

Security forms the foundation of every aspect of Confluence’s business, from system design and security policy to operations management.
Confluence welcomes inquiries and feedback about its security practices. Please contact us and we will forward the request to the appropriate information security team member for a prompt response.

Information Security Management System Certificate
Third Party Assurance Report - Audit Completed


Confluence uses appropriate, modern technologies designed to ensure client information confidentiality, whether the information is en-route to, stored at or being processed by Confluence.

Woman using device for confidential content


Information is carefully managed at Confluence to maximize accuracy and completeness. Establishing and maintaining integrity is achieved through a combination of processes and procedures which support appropriate data management, change management, and quality control practices.


Information is of little use if it is not available where and when required. It is therefore stored and managed by Confluence in a way that makes it available as necessary, while preserving its confidentiality and integrity. We monitor all our client facing services.


Confluence works with the best-in-class Tier III data center and cloud providers to provide on-line services for our hosted and service users. These data center facilities provide the highest levels of physical security protecting the environment from unauthorised access 24/7. They provide resilient services with redundant power, cooling and networking to minimise the impact of a service failure allowing us to keep our systems available all day, every day.

We have designed our platforms and data to be backed up and available in the event of a site disaster. We use the appropriate server virtualization and storage mirroring technologies to make this happen. Our systems are configured to work together making sure no critical services provide a single point of failure. We need to be tolerant of component failures, so all our systems have multiple paths to power, data and the network. Our engineers are trained and qualified to very high levels and we have over 80 years of combined experience in secure hosting technology across six support sites.

Confluence is SSAE18 (SOC1) Type II* accredited for Revolution, its hosted analytics platform, market data services, Regulatory, ASP and Performance Reporting services. Confluence recently added the ISAE3402 standard to our audit process.

“This continued audit of our service demonstrates our commitment to providing the asset management industry with a secure and robust technology platform for portfolio analytics, asset valuation and reporting. Successfully completing another SSAE 18 Type II audit provides increased assurance and confidence to our clients in the security of our hosted and cloud-based analytics platforms and our market data services. It also demonstrates our dedication to the security of our technology infrastructure and clients’ data.”

Tony Monachello, Head of Governance, Compliance and Risk

*SSAE 18 is the acronym for the American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements (SSAE) No. 18. SSAE 18 defines the professional standards used by a service auditor to assess the effectiveness of internal controls of a service company and their consistent operation over a period of time. SSAE 18 is the new standard that supersedes the previous SAS 70 standard.

The SSAE 18 has two varieties: Type I or Type II. Type II is more comprehensive as it verifies that during a six-month period, the hosted analytics platform and market data services capably operate with both internal control design proficiency and operational effectiveness. Type I only measures for a point in time and does not audit operational effectiveness.