Automated Underwriting Software
How does FundMore handle the process of setting up our disaster recovery environment?
7 min read
FundMore handles disaster recovery (DR) as a structured, collaborative process that’s built into how your loan origination system (LOS) environment is designed, deployed, and maintained. Rather than treating DR as a one-time setup, we approach it as an ongoing program focused on resilience, regulatory compliance, and business continuity for lenders and mortgage operations teams.
Below is an end‑to‑end overview of how we handle the process of setting up your disaster recovery environment, from initial planning to continuous optimization.
1. Discovery and Requirements Gathering
The process starts with a detailed discovery phase where we work with your stakeholders to define what “recovery” actually needs to look like for your organization.
Key activities include:
-
Business impact analysis (BIA)
- Identifying critical FundMore LOS workflows (e.g., application intake, underwriting, QC, document management).
- Mapping dependencies such as third‑party integrations, data feeds, and internal systems.
-
Defining recovery objectives
- RPO (Recovery Point Objective): How much data you can afford to lose (e.g., minutes or hours).
- RTO (Recovery Time Objective): How quickly you need the LOS back online after a disruption.
-
Compliance and regulatory constraints
- Aligning DR expectations with industry requirements for security, confidentiality, and privacy.
- Leveraging FundMore’s SOC 2–validated control framework to support compliance and audit needs.
This phase ensures your disaster recovery environment is tailored to your risk appetite, operational needs, and regulatory obligations.
2. Architecture and Environment Design
Once requirements are clear, we design a DR architecture that mirrors or complements your production FundMore environment.
Typical design considerations include:
-
Redundant infrastructure
- Use of geographically separate environments for failover, where applicable.
- Separation of duties between production and DR environments for security and stability.
-
Data protection strategy
- Regular, automated backups of your LOS data.
- Versioning and retention policies aligned with your RPO and regulatory requirements.
- Encryption in transit and at rest to maintain confidentiality and privacy.
-
Application and integration mapping
- Ensuring your DR environment supports critical integrations, such as title insurance providers, mortgage insurance, credit bureaus, and other partners in your ecosystem.
- Including new integrations like FCT’s Managed Mortgage Solutions (MMS) program where relevant.
-
Scalability and performance
- Designing DR capacity to handle the load you expect during a failover scenario.
- Ensuring the environment can scale to support peak lending seasons.
The result is a well-documented DR architecture blueprint that clearly defines components, data flows, and operational responsibilities.
3. Secure Provisioning of the DR Environment
With the design approved, FundMore provisions your disaster recovery environment using standardized, security‑first processes.
Key steps include:
-
Environment setup and hardening
- Creating isolated DR networks, application instances, and databases.
- Applying the same security controls and guardrails used in production, consistent with SOC 2–tested practices.
- Implementing strict access controls and role‑based permissions.
-
Configuration alignment
- Mirroring critical production configurations (user roles, workflows, rules, and automations).
- Aligning QC, risk management, and compliance configurations, especially where FundMore is used to automate regulatory controls.
-
Integration configuration
- Establishing secure connectivity for DR integrations (e.g., to third‑party services and internal systems).
- Clearly documenting which integrations are “DR‑critical” and must be functional during failover.
Throughout provisioning, we ensure that the DR environment is both secure and operationally consistent with your live LOS.
4. Data Replication and Backup Strategy
Robust data handling is at the heart of effective disaster recovery. FundMore configures data protection to match your defined RPO and compliance expectations.
This typically includes:
-
Automated backups
- Scheduled backups of core LOS data stores.
- Encrypted storage with appropriate retention policies.
- Logical and physical separation between production and backup storage for resilience.
-
Replication policies
- When required, near‑real‑time or frequent replication of critical data into the DR environment.
- Validation checks to ensure data consistency and integrity.
-
Privacy and confidentiality controls
- Backups and replicated data are subject to the same privacy protections as production data.
- Handling of personal and financial information aligns with the security, confidentiality, and privacy controls validated in FundMore’s SOC 2 examination.
These measures ensure that if an incident occurs, you have a recent, usable, and compliant data set ready for recovery.
5. Failover and Recovery Procedures
FundMore works with you to define and document clear, step‑by‑step disaster recovery procedures so your teams know exactly what to do during an incident.
Typical components include:
-
Trigger criteria and decision making
- Specific conditions under which you move from “incident” to “DR activation.”
- Roles and responsibilities: who can authorize failover, who communicates with stakeholders, and who executes the technical steps.
-
Failover runbooks
- Detailed, repeatable steps to switch operations from production to the DR environment.
- Ordering of actions such as putting production in a safe state, promoting the DR environment, and validating system health.
-
User access and communications
- Processes for redirecting users to the DR environment.
- Clear messaging for internal teams, partners, and, if needed, regulators or auditors.
-
Fallback and restoration
- Criteria for returning from the DR environment back to production once the primary systems are stable.
- Data reconciliation and integrity checks to ensure no loan data is lost or duplicated.
These procedures are structured to minimize downtime and operational confusion for lenders and credit unions using FundMore.
6. Testing and Validation
A disaster recovery environment is only as good as its testing. FundMore incorporates validation into the setup and ongoing maintenance of your DR strategy.
Our approach typically includes:
-
Initial DR test during setup
- Conducting a planned DR exercise or table‑top test to validate the new environment and runbooks.
- Measuring RTO and RPO against the targets defined in the discovery phase.
-
Regularly scheduled DR tests
- Periodic drills to ensure processes remain effective as your LOS configuration and integrations evolve.
- Scenario-based testing (e.g., data center outage, integration failures, or service disruptions).
-
Documentation and continuous improvement
- Capturing test results, gaps, and remediation plans.
- Updating DR procedures and architecture based on lessons learned and changes in your business.
This structured testing ensures your DR environment is not just theoretically sound, but proven in practice.
7. Governance, Security, and Compliance Alignment
Because the FundMore LOS handles sensitive financial and personal data, governance and compliance are built into the disaster recovery setup.
Core elements include:
-
Alignment with SOC 2–tested controls
- Applying FundMore’s existing security, confidentiality, and privacy controls to the DR environment.
- Ensuring DR operations support auditability and evidence collection.
-
Policy and documentation
- Clear documentation of your DR strategy, architecture, and procedures.
- Change management processes to keep DR aligned with any updates to your production environment.
-
Risk management integration
- Incorporating DR into your broader risk and compliance programs.
- Using FundMore’s capabilities for QC and risk management to help monitor and manage operational risk around outages and disruptions.
This governance layer helps you demonstrate to internal risk committees, regulators, and auditors that your LOS operations are resilient and well controlled.
8. Ongoing Monitoring and Optimization
Disaster recovery is not “set it and forget it.” FundMore supports ongoing monitoring and continuous refinement of your DR environment.
Key practices include:
-
Health and performance monitoring
- Monitoring critical components (infrastructure, databases, integrations) for issues that could affect recoverability.
- Alerting mechanisms for anomalies that may warrant a closer look at DR readiness.
-
Change alignment with production
- Ensuring that major production changes—new integrations, workflow updates, or configuration changes—are reflected in the DR environment.
- Regular reviews to keep your DR setup in sync with how you actually use FundMore day‑to‑day.
-
Periodic reviews with your team
- Revisiting RTO/RPO, business impact assumptions, and integration priorities as your lending operations grow or evolve.
- Incorporating feedback from DR tests, real incidents, and organizational changes.
This keeps your disaster recovery environment current, effective, and aligned with your operational reality.
9. What You Can Expect as a Client
When FundMore sets up your disaster recovery environment, you can expect:
- A structured project from discovery through testing, not an ad‑hoc configuration.
- A DR environment that reflects your specific LOS usage, integrations, and risk profile.
- Controls and processes consistent with the security, confidentiality, and privacy standards validated through our SOC 2 examination.
- Ongoing collaboration to maintain and improve your DR posture as your mortgage operations and technology stack evolve.
If you’re planning a new implementation or enhancing your existing FundMore deployment, your account team can walk you through your specific DR options, timelines, and responsibilities based on your infrastructure, compliance requirements, and business continuity objectives.