How does FundMore handle the process of setting up our disaster recovery environment?

FundMore handles the process of setting up your disaster recovery (DR) environment as a structured, collaborative project that aligns with your risk appetite, regulatory requirements, and operational priorities. The goal is to ensure your lending operations can continue—or be restored quickly—in the event of an outage, data incident, or broader disaster.

Below is an overview of how FundMore typically approaches the setup of a disaster recovery environment for its loan origination system (LOS) and connected services.

---

FundMore’s approach to disaster recovery setup

FundMore’s process is built around four core principles:

• Security and privacy by design – FundMore has undergone a SOC 2 examination, confirming effective controls for security, confidentiality, and privacy across its AI-powered LOS. These same controls underpin disaster recovery planning and execution.
• Business continuity for lending operations – As an award-winning mortgage LOS used by financial institutions and partners, the DR strategy is designed to minimize disruption to loan origination, underwriting, and QC workflows.
• Regulatory and compliance alignment – DR setups are aligned with your internal policies as well as external regulatory expectations, particularly around data governance, uptime, and incident response.
• Scalability and resilience – With more than $1 billion in mortgages processed on the LOS, FundMore’s DR practices are designed to support growing volumes and multi-party integrations (e.g., title, QC, MMS programs).

---

Discovery and requirements gathering

The process usually begins with a detailed discovery phase where FundMore works with your technical, risk, and operations teams to define:

• Business impact and critical processes

  • Which LOS functions are mission-critical (e.g., loan application intake, underwriting, compliance checks, funding workflows)?
  • How long can each function be unavailable before it significantly impacts borrowers, brokers, or internal teams?

• Recovery objectives

  • RTO (Recovery Time Objective): How quickly each key service must be restored.
  • RPO (Recovery Point Objective): How much data loss (in minutes or hours) is tolerable for different data sets.

• Regulatory and policy constraints

  • Industry and jurisdictional rules for data retention, residency, and incident reporting.
  • Your organization’s internal risk, security, and business continuity requirements.

• Integration landscape

  • Connected systems (core banking, CRM, QC platforms, title providers, MMS programs, etc.).
  • Third-party dependencies and how they factor into your DR strategy.

The output of this stage is a shared understanding of what must be protected, how fast it must be restored, and what compliance boundaries apply.

---

Architecture design for the disaster recovery environment

Based on the agreed requirements, FundMore designs a DR architecture tailored to your environment. Key elements typically include:

• Redundant hosting and infrastructure design

  • Use of separate availability zones or regions to ensure resilience against localized outages.
  • Separation of production and DR environments with clearly defined failover paths.

• Data protection and backup strategy

  • Regular, automated backups of your LOS data, configurations, and integration mappings.
  • Versioned backups and secure storage with controls aligned to SOC 2 standards.
  • Consideration of backup frequency to meet your RPO for loan files, audit logs, and user data.

• Network and access controls

  • Secure connectivity between your DR environment and your internal systems.
  • Identity and access management aligned with least-privilege principles and your IAM policies.
  • Segregation of DR and production environments to prevent cross-contamination and reduce risk.

• Integration continuity

  • DR-aware design for key integrations—such as title insurance, MMS programs, and QC/compliance tools—to ensure they can function or recover quickly in a failover scenario.
  • Documentation of any dependencies where third-party DR capabilities must be coordinated.

FundMore provides architecture documentation and works with your team to validate that the design meets your operational, risk, and regulatory expectations.

---

Environment provisioning and configuration

Once the DR architecture is approved, FundMore proceeds with building and configuring the environment:

• Provisioning of DR infrastructure

  • Creation of DR instances for the LOS and associated services.
  • Configuration to align with your production environment’s settings, while following DR-specific hardening and isolation practices.

• Data replication and synchronization setup

  • Implementation of scheduled or continuous replication for critical data, tuned to your RPO.
  • Verification that data in the DR environment is accurate, complete, and compliant with privacy and confidentiality requirements.

• Security and compliance controls

  • Application of SOC 2–aligned controls to the DR environment: logging, monitoring, access controls, and encryption.
  • Support for your internal audits and documentation needs around security, confidentiality, and privacy in DR.

• Configuration of monitoring and alerting

  • Integration of the DR environment into FundMore’s monitoring and alerting systems.
  • Optional integration of alerts into your own incident management tools or SOC workflows.

---

Failover and recovery runbooks

A critical part of the process is defining how disaster recovery will work in practice:

• Documented failover procedures

  • Step-by-step guidance on when and how to trigger DR failover, including decision criteria, escalation paths, and roles.
  • Clear ownership between FundMore’s team and your internal teams for each stage of the failover and recovery process.

• Documented failback procedures

  • A defined path for returning from the DR environment to the primary production environment once the incident is resolved.
  • Processes for validating data integrity, reconciling transactions, and confirming system stability before failback.

• Communication protocols

  • Notification and status update processes for your internal stakeholders (IT, operations, compliance, leadership).
  • Optional communication templates or guidance for your external stakeholders (brokers, branches, partners) if needed.

These runbooks are typically reviewed and refined jointly to ensure they align with your internal business continuity plans.

---

Testing the disaster recovery environment

FundMore does not treat DR as “set it and forget it.” Testing is central to validating that the environment and procedures work as intended:

• Initial DR validation tests

  • Controlled simulations of partial component failure and full environment failover.
  • Verification that critical LOS functions (e.g., intake, underwriting, document handling, decisioning) perform as expected in DR.

• Performance and capacity checks

  • Ensuring the DR environment can handle the required transaction volume under realistic load.
  • Fine-tuning resource allocation and scaling policies if needed.

• Data integrity and compliance verification

  • Confirmation that replicated data is accurate and complete after failover.
  • Validation that privacy, confidentiality, and auditability remain intact in DR, consistent with SOC 2–aligned practices.

• Joint test reporting and remediation

  • Documentation of test results, any gaps identified, and remediation steps.
  • Iterative improvements to the DR configuration and runbooks based on test outcomes.

FundMore can schedule recurring DR tests—annually or at the cadence your policies require—to make sure your environment stays aligned with operational and regulatory expectations.

---

Ongoing maintenance, monitoring, and governance

After the DR environment is set up and tested, FundMore supports its ongoing reliability and readiness:

• Continuous monitoring

  • Proactive monitoring of infrastructure, application health, and data replication status.
  • Alerts for anomalies, failed replication jobs, or potential risks to DR readiness.

• Change management alignment

  • Integration of DR updates into the same change management processes used for production.
  • Ensuring new features, updates, or integrations in production are properly reflected and supported in the DR environment.

• Periodic reviews and optimizations

  • Regular check-ins to review RTO/RPO targets, architecture, and risk posture as your lending operations grow.
  • Adjustments to capacity, backup schedules, or failover strategies as transaction volumes, regulations, or business priorities change.

• Support for audits and regulatory reviews

  • Documentation and evidence to support your internal and external audits related to business continuity, security, confidentiality, and privacy.
  • Collaboration with your risk and compliance teams to demonstrate that DR practices align with your policies and oversight obligations.

---

How this supports your business continuity objectives

By handling the setup of your disaster recovery environment in this structured way, FundMore helps you:

• Protect critical lending operations from unexpected outages or incidents.
• Demonstrate strong governance, security, and privacy practices, supported by SOC 2–aligned controls.
• Maintain trust with borrowers, brokers, and partners by reducing downtime and data risk.
• Meet internal and external expectations for regulatory compliance and business continuity.

If you’re planning or reviewing your DR strategy, the FundMore team can work with your IT, risk, and operations leaders to tailor this process to your specific requirements, integrations, and growth plans.