FAQs

What is Proofdesk?

Proofdesk is a cloud-based compliance platform developed by Native Systems Limited. It helps Isle of Man regulated firms meet their AML/CFT obligations more effectively and efficiently.

When was Proofdesk launched?

Proofdesk launched in beta with a partner firm in September 2023. Public release followed in Q4 2024.

What training does Proofdesk provide to new customers?

Onboarding includes guided implementation, documentation, and training tailored to each firm’s needs. Ongoing support is provided throughout the subscription.

Can auditors or regulators be given access to the platform?

Yes. Customers can configure Proofdesk to allow auditors, regulators, or other approved third parties to view relevant data.

What is the free trial policy?

Due to the nature of the data migration and onboarding process, it is typically impractical for our customers to use Proofdesk alongside their existing procedures.

What happens if we stop using Proofdesk?

Customers retain access to their data and reports until the end of their subscription term. Secure export options are provided, and data is deleted once offboarding is complete unless retention is required by law.

How does Proofdesk help mitigate ML/FT risk?

Proofdesk helps improve consistent application of AML/CFT procedures, and maintains a signed and dated audit trail of compliance processes.

How does Proofdesk enhance the effectiveness and efficiency of AML/CFT measures?

By standardising data collection, risk assessment, approvals, and reviews, Proofdesk reduces administrative burden, streamlines compliance, and improves record-keeping and oversight.

What risks could Proofdesk introduce?

Any digital system introduces a level of cyber exposure. Proofdesk is built to minimise these risks through encryption, segregation, MFA, and continuous monitoring.

What impact might Proofdesk have on our existing AML/CFT technology?

Proofdesk is designed to complement, not conflict with, existing technology. It can operate in parallel or integrate via manual exports or APIs (available on request).

What interface exists between our systems and Proofdesk?

By default, data is entered into Proofdesk directly. Exports and custom integrations can be arranged to interface with internal systems, subject to discussion and feasibility.

What is the product development plan for Proofdesk?

Development is continuous and driven by customer feedback, regulatory updates, and our roadmap. As we control development in-house, we can prioritise features with the greatest impact.

How are customers informed of product changes?

• Minor fixes: Released silently.

• Feature updates: Communicated by email upon release.

• Significant changes: Notified 14 days in advance to authorised contacts.

How will we be informed of issues like data loss or system outages?

Any critical incident triggers notification to authorised contacts, followed by regular updates and a detailed post-incident report.

What procedures are in place to assess and mitigate product risk?

We maintain a central risk register, perform quarterly vulnerability scans, and resolve critical risks within 72 hours. All incidents undergo root cause analysis.

What cyber security measures protect Proofdesk and customer data?

• Hosting in an ISO 27001-certified data centre (Domicilium)

• Data encryption in transit and at rest

• Deny-by-default access model

• MFA enforced for all access

• Regular system patching

• 15-minute offsite backups

Does Proofdesk have disaster recovery and business continuity plans?

Yes. Plans are reviewed annually and tested. Proofdesk has experienced no unscheduled downtime in the past 12 months.

How is planned downtime managed?

Customers are notified at least 7 days in advance. Downtime is scheduled outside normal business hours. Critical patches are deployed as needed with short notice.

What happens in the event of total platform failure?

We maintain real-time replication and frequent backups to enable rapid recovery. Customers’ Organisation Accounts are logically separated to isolate impact and protect data.

Is Proofdesk externally certified?

Native Systems Limited is working towards ISO 27001 and Cyber Essentials Plus certification.

What staff screening policies are in place?

Staff are vetted prior to hiring, and access to customer data is strictly controlled and audited. No shared credentials are used.

Do team members receive data protection training?

Yes. All team members receive data protection and security training on joining and on an ongoing basis.

Where is Proofdesk data hosted?

All data is hosted within the Isle of Man by Domicilium (IOM) Ltd.

Is Proofdesk registered with a data protection authority?

Yes. Native Systems Limited is registered with the Isle of Man Information Commissioner with Registration No. R003938.

What are the data retention policies?

We follow customer instructions for retention. Data is deleted upon termination unless legally required to retain it. Customers can configure their own data retention rules internally.

What are the minimum technical requirements?

Users should access Proofdesk from a modern laptop or desktop using the latest versions of Chrome, Firefox, Edge, or Safari, with a reliable internet connection. This setup supports remote work scenarios such as during a pandemic.