App Validation Process
The validation process provides peace of mind for the banks browsing the marketplace. In this section you learn about the validation process and what are the guidelines for acceptance criteria.
The fees and all the commercial details of the FusionFabric.cloud program are detailed in the Program Guide.
Validation Steps
All submitted apps must pass a validation process, which includes the following steps:
Step | Details | |
---|---|---|
Legal and compliance | Due diligence review by Finastra (Legal and Risk team) to register you as a vendor. | |
Product review | After the development of your app, you should organize a demo session to validate the technical integration with FusionFabric.cloud building blocks - APIs, SPIs, datasets. | |
Go to Market | Sales enablement - all documentation must be provided to support sales activities. Creation of relevant records in Finastra CRM system to track opportunities and close deals. | |
Security assessment | Technical review, by an independent 3rd Party. See the details in the next section. |
The first three steps are conducted by Finastra.
The fourth step - the security review, is performed by Finastra’s global security partner, Synopsys. All validation costs are pre-negotiated with Synopsys, and thus, the cost of a 3rd party security assessment and report is attractive, regardless of its connection to FusionFabric.cloud.
The security review step is mandatory for signing off the contract with your app first customer.
Apps may fail the security review because of poor performance, inadequate security or other technical or user experience reasons. There are clear guidelines for acceptance criteria, so your app gets accepted through the validation process the first time through. You will be provided with feedback explaining why the app has failed the review process and the corrective action plan to be taken.
The security validation process duration can take up to one calendar month.
Onboarding Stages
The publication to FusionStore is a multi-stage process, that allows you to engage progressively.
Stage | Details | |
---|---|---|
Coming Soon | This stage is important for building demand for your app among Finastra clients in FusionStore. At the moment of passing this stage, your app is available in FusionStore marked with a Coming soon label. |
|
In Store | In this stage, your app is published on FusionStore and starts to track opportunities among Finastra’s customer base | |
In Market | This stage represents the final validation of your app. It is possible for you to sign a contract with customers. |
In the Coming Soon stage, your app is published in FusionStore with a Coming soon label.
![](img/coming-soon-app.png)
An app with the Coming Soon label in FusionStore
Activities for Progressive Onboarding
Here are, briefly, the mandatory activities that you will perform to pass the validation steps for each progressive stage of your onboarding to FusionStore.
Coming Soon | In Store | In Market | |
---|---|---|---|
Legal and compliance | Finastra contract is signed. First level of due diligence with a general questionnaire. |
Due diligence completed with all the additional documentation. | |
Product review | App card is published in FusionStore. | Demo session to validate the technical integration with the registered building blocks - APIs, SPIs, datasets. | |
Go to Market | Provide documentation - app brief, pitch deck, to support sales activities. Creation of relevant records in Finastra CRM system - vendor and product. |
||
Security assessment | The app security assessment is completed. |
To find more about Finastra’s building blocks and how to use them, check FusionCreator Applications section.
Security Assessment
App Classification
Each app requires a distinct level of access to financial institutions data, and thus, the validation levels are defined in accordance to:
- the access type: read vs. update
- data classification: financial data vs. Personally Identifiable Information (PII).
Apps can be classified into two levels:
Level 1 | Reads financial data |
Level 2 | Updates financial data or reads PII |
Validation Buckets
Each classified app can be bucketed into one of the three options – Standard, Advanced, and Premium.
Validation bucket | Activities |
---|---|
Standard |
|
Advanced |
|
Premium |
|
The Standard validation includes the security questionnaire, which covers many of the information security questions a financial institution would ask during a vendor risk assessment process.
The Advanced and Premium validations include more technical reviews to provide more confidence to the financial institutions during the app selection process.
Each app has a unique branding on FusionStore, which allows the financial institutions to select it based on its risk profile. Finastra recommends the financial institutions to choose the certification bucket in accordance to the app classification.
Finastra requires, at a minimum, an annual standard validation bucket for apps that fall into level 1, and an annual advanced validation for apps in level 2.
Please click here for detailed guidance on the security assessment process and questionnaire.
FusionStore Application Page Badge Qualifications
Each application page in FusionStore has badges based on the specific onboarding steps completed by fintech. This information is controlled and updated by Finastra team.
![](img/badges.png)
Badges
The table below illustrates badges and their details:
Badge | Details | |
---|---|---|
Company Verified | The company has passed the due diligence performed by Finastra Legal | and Risk Team based on the following information:
|
|
Security Verified | The application has done security control assessment performed by Finastra’s global security partner Synopsys and the assessment result is passed by Finastra Security Team. Please find more information on the link here. | |
Commercial Model | Refer:
Resell:
API Consumption Only:
Finastra Application:
|
Release Management
Your app is subject to a lifecycle that is a continuous loop. You are expected to deliver updates to your app, as periodic releases. Each release published to FusionStore is reviewed by Finastra. Each app released into FusionStore, or a significant infrastructure change on the app developer’s side is required to pass a release validation to ensure the security controls are maintained.
Below is an overview of the release management process and applicability to the chosen buckets.
Change Description | Activities | Applicable Validation Buckets | |
---|---|---|---|
Low-Impact Change | Bug fixes and UI modifications. Metadata updates or integrations with newer versions of APIs or datasets. No action is required from Synopsys. |
|
All |
Medium-Impact Change | Functionality that reads Financial Data. |
|
Advanced, Premium |
High-Impact Change | Functionality that updates Financial Data or assesses PII. |
|
Advanced, Premium |
Annual Review |
|
All |