Trust & Security

At Thames Systems, trust and security underpin every product we deliver. The T100 platform acts as a secure digital repository, replacing spreadsheet-based processes with a controlled, auditable, and intuitive electronic system.

By combining rigorous data protection with streamlined workflows, we accelerate client onboarding, enhance data quality and make compliance seamless for both you and your customers. The measures described below illustrate how seriously we take your data and operational resilience.

T100 is sold under a perpetual licence model, giving clients greater long-term control over ownership and deployment. Where required, we can recommend ISO 27001–certified data centre strategies to meet resilience, regulatory, and data residency needs.

SECURITY AT THE FOREFRONT OF WHAT WE DO

Company overview

Thames Systems is a specialist financial‑technology provider dedicated to delivering secure, scalable solutions for regulated markets. We have been providing IT solutions to financial‑services firms since 1996, drawing on more than fifty years of combined experience.

Learn more about Thames Systems

3 Offices

London (UK), Austin (USA); expansion into Asia planned

50+

Years of combined financial‑services experience

200M+

Daily trades processed Handles millions of trade lines every day

99.9%

99.9%+ Uptime achieved by all clients over the last 5 years

Our trust and security pillars

We take a multi‑layered approach to safeguarding your data and ensuring continuity of service:

1.

Certified infrastructure and accreditations.

We strongly recommend that all T100 data is hosted in data centres certified to the ISO 27001 standard for information security, and we can assist with this setup; however, the final decision on hosting location remains with the client.

Thames Systems is Cyber Essentials certified, demonstrating that we meet government-backed standards for protecting against a wide range of common cyber threats, helping to safeguard our clients’ data and systems.

2.

Data hosting and segregation

Where required, we can support deployments in additional regions, including the United States and Asia, and provide guidance on data centre strategies that meet applicable regulatory and operational requirements. Thames Systems does not directly provide data centre services.

3.

Robust access controls and multi‑factor authentication

Access to the system is limited to authorised client users. We implement a three‑line defence model:

Network restriction: each system’s firewall permits connections only from approved IP address ranges.
User credentials: users authenticate with their email address and a strong password. We enforce minimum password length and complexity in line with the Cyber Essentials recommendations.
Time‑limited PIN: A six-digit PIN is sent to the user via SMS and/or email. PIN codes can be reused but expire after 12 hours.

4.

Encryption and data protection

All sensitive data is encrypted in transit using TLS/SSL and encrypted at rest within the database. Internet‑facing servers store only minimal data, which is cleared regularly on a scheduled basis.

Secure backups of the complete system and client data can be facilitated as part of each client’s own backup strategy. These backups can be stored offsite and encrypted in line with individual client requirements.

5.

Regular patching and vulnerability scanning

Drawing on our extensive experience of secure system operations, we can provide guidance and assistance on patching strategies, including scheduling updates outside of business hours where appropriate, and on implementing regular health checks to monitor system status and identify when patches are required.

We can also advise on the use of industry-standard security scanning tools for public-facing systems, including application, malware, SQL injection, SSL, and XSS testing, as well as on best practices for SSL configuration analysis.

More broadly, we can support clients in designing and implementing robust security approaches incorporating vulnerability scanning, firewall-controlled access, backup strategies, and continuous monitoring, helping to ensure that threats are detected and addressed promptly.

6.

Business continuity and wind‑down planning

We maintain a comprehensive wind-down and continuity plan to minimise any impact on clients in the unlikely event that we are unable to continue providing services.

T100 includes features that facilitate encrypted online and offline backups and enable the rapid deployment of existing or new configurations, ensuring clients retain uninterrupted access to their system assets at all times.

Under our perpetual licence model, clients can operate the system within their own infrastructure, with optional ongoing support from us. We also provide training and knowledge transfer to client developers, enabling them to maintain, extend, and operate the platform independently of the vendor, thereby enhancing long-term operational resilience.

7.

Audit trails and monitoring

Every change within the T100 system is recorded in an encrypted audit table, capturing the state before and after the change, who made it, when and from which IP address.

Our integrated risk engine updates risk scores daily and performs automated checks each morning, raising alerts immediately when anomalies are found.

This ensures that Compliance teams receive timely notifications and that all actions are traceable.

8.

Commitment to compliance and privacy

T100 is built to help firms satisfy complex regulatory requirements. The system stores Know‑Your‑Customer (KYC) information from the first customer interaction through due‑diligence, risk assessments, trading pattern analysis and regulatory reporting.

It is aware of current legislation and proactively monitors client activity, creating alerts whenever user‑defined thresholds are breached.

Our processes are designed to comply with UK and international data‑protection laws and to support anti‑money‑laundering (AML) and counter‑terrorist financing obligations.

Security FAQs

Who are Thames Systems and how long have you been in business?

Thames Systems has supplied IT solutions to financial‑services firms since 1996. Our leadership team combines decades of experience: Stewart Kirkpatrick, our Managing Director, has forty years of IT and finance experience, while Graham Foster, our Lead Developer, has over twenty years of full‑stack development expertise. We operate out of offices in London, UK and Texas, US with expansion into Asia planned.

Does anyone other than Thames Systems staff have access to T100?

No. Only authorised client users and Thames Systems staff can access a client’s T100 instance. We do not employ third‑party developers who could access client data, and each customer is assigned dedicated servers. Access is controlled using IP restrictions, strong credentials and SMS PINs.

What accreditations do you have?

Our data centres are ISO 27001 certified and use CCTV, security guards and role‑based access control to prevent unauthorised access. Thames Systems is also accredited under the UK government’s Cyber Essentials scheme.

How is access to the system protected?

We employ a three‑factor access model: firewalls restrict network access to authorised IP ranges; users authenticate with an email address and complex password; and users confirm their identity with a six‑digit SMS PIN that expires after twelve hours. The customer portal uses Strong Customer Authentication (SCA) with the same factors.

Where is T100 data hosted?

Thames Systems client-related data is hosted in two geographically separated UK data centres. We recommend a similar strategy for client T100 instances and can assist with the setup of local hosting in other regions (e.g., the US or Asia) when required.

How do es T100 protect sensitive data?

All sensitive data is encrypted both in transit and at rest using industry-standard encryption protocols. Only minimal data is stored on internet-facing servers, and this data is purged on a regular basis in accordance with defined retention policies. All system backups are encrypted, and T100 includes built-in capabilities to support secure online and offline backup and recovery processes.

How often do you patch the system and test your defences?

We support and recommend the application of operating system and application patches during weekends and overnight windows for urgent updates. Daily health checks are recommended to monitor system status. Public-facing systems should undergo weekly vulnerability scans covering application security, malware, SQL injection, SSL, and XSS, and we recommend regular in-depth SSL configuration analysis using tools such as Qualys SSL Labs.

Do you maintain an audit trail of changes?

Yes. All changes within T100 are recorded in an encrypted audit table, capturing the before/after state, the user who made the change, the timestamp and the originating IP address.

Do you enforce strong passwords?

We enforce minimum password length and complexity requirements in line with Cyber Essentials recommendations. Passwords do not expire automatically to avoid encouraging weak reuse; however, they are combined with multi‑factor authentication to maintain a strong security posture.