Data hosting and segregation

Where required, we can support deployments in additional regions, including the United States and Asia, and provide guidance on data centre strategies that meet applicable regulatory and operational requirements. Thames Systems does not directly provide data centre services.

Robust access controls and multi‑factor authentication

Access to the system is limited to authorised client users. We implement a three‑line defence model:

• Network restriction: each system’s firewall permits connections only from approved IP address ranges.
• User credentials: users authenticate with their email address and a strong password. We enforce minimum password length and complexity in line with the Cyber Essentials recommendations.
• Time‑limited PIN: A six-digit PIN is sent to the user via SMS and/or email. PIN codes can be reused but expire after 12 hours.

Encryption and data protection

All sensitive data is encrypted in transit using TLS/SSL and encrypted at rest within the database. Internet‑facing servers store only minimal data, which is cleared regularly on a scheduled basis.

Secure backups of the complete system and client data can be facilitated as part of each client’s own backup strategy. These backups can be stored offsite and encrypted in line with individual client requirements.

Regular patching and vulnerability scanning

Drawing on our extensive experience of secure system operations, we can provide guidance and assistance on patching strategies, including scheduling updates outside of business hours where appropriate, and on implementing regular health checks to monitor system status and identify when patches are required.

We can also advise on the use of industry-standard security scanning tools for public-facing systems, including application, malware, SQL injection, SSL, and XSS testing, as well as on best practices for SSL configuration analysis.

More broadly, we can support clients in designing and implementing robust security approaches incorporating vulnerability scanning, firewall-controlled access, backup strategies, and continuous monitoring, helping to ensure that threats are detected and addressed promptly.

Business continuity and wind‑down planning

We maintain a comprehensive wind-down and continuity plan to minimise any impact on clients in the unlikely event that we are unable to continue providing services.

T100 includes features that facilitate encrypted online and offline backups and enable the rapid deployment of existing or new configurations, ensuring clients retain uninterrupted access to their system assets at all times.

Under our perpetual licence model, clients can operate the system within their own infrastructure, with optional ongoing support from us. We also provide training and knowledge transfer to client developers, enabling them to maintain, extend, and operate the platform independently of the vendor, thereby enhancing long-term operational resilience.

Audit trails and monitoring

Every change within the T100 system is recorded in an encrypted audit table, capturing the state before and after the change, who made it, when and from which IP address.

Our integrated risk engine updates risk scores daily and performs automated checks each morning, raising alerts immediately when anomalies are found.

This ensures that Compliance teams receive timely notifications and that all actions are traceable.

Commitment to compliance and privacy

T100 is built to help firms satisfy complex regulatory requirements. The system stores Know‑Your‑Customer (KYC) information from the first customer interaction through due‑diligence, risk assessments, trading pattern analysis and regulatory reporting.

It is aware of current legislation and proactively monitors client activity, creating alerts whenever user‑defined thresholds are breached.

Our processes are designed to comply with UK and international data‑protection laws and to support anti‑money‑laundering (AML) and counter‑terrorist financing obligations.