Your complete guide to how we work — systems, tools, access policies, and best practices. Read through carefully and acknowledge at the end.
Aquarium Investments IPS (AQRM) is an investment management and advisory firm with a strong focus on emerging markets, FX, and precious metals. We manage client portfolios individually, produce detailed reporting, and maintain rigorous internal controls to ensure compliance, transparency, and performance across all managed assets.
Teams operate around core functions: portfolio management, client reporting, compliance, and IT. Each employee is granted access permissions aligned with their role. Cross-functional collaboration happens through Microsoft 365, with Aleph serving as our primary client-facing reporting and portfolio platform.
Primary channel for internal and external communication. Automated internal controls reports are sent weekly to all relevant stakeholders. Check it every day.
All company documents are stored in OneDrive. Access is role-based — you will only see the folders and files your position requires. Insufficient access? Contact IT.
Our proprietary asset management and client reporting system. Clients view their portfolios here. Admin access is IP-restricted — office Wi-Fi or VPN required.
How to access →Our internal intranet for company policies, onboarding materials, and shared knowledge bases. You are reading it now.
Our public-facing website with company information for clients and prospects. Not an internal tool — do not reference it for internal processes.
Visit aqrm.com →Mandatory when working remotely and accessing any IP-restricted resource, including Aleph's admin panel. Activate VPN before attempting restricted access.
Aleph is our asset management and client reporting platform. The admin panel is restricted to the office IP address. Whether in the office or working remotely, follow the steps below to gain access.
Connect to the designated office Wi-Fi. You are automatically assigned the correct IP and can access the Aleph admin panel directly from your browser.
Connect to the company VPN before opening Aleph. VPN routes your traffic through the office IP, enabling full admin access from any location.
If you receive an authorisation error or cannot load the admin panel, contact IT at [email protected] immediately. Do not attempt workarounds.
Clients access their own Aleph portal independently. Never share admin credentials or admin URLs with clients under any circumstance.
Internal controls run automatically and are distributed every week via Outlook to all relevant employees. These cover portfolio positions, compliance thresholds, and operational metrics. Review your weekly report and escalate any anomaly immediately to your manager.
Every employee is assigned an access level corresponding to the documents, tools, and data they need. OneDrive, SharePoint, and internal systems all enforce these levels. If you believe your access is insufficient for a task, raise a formal IT request rather than attempting workarounds.
Contact IT immediately — without delay — for any of the following: missing or insufficient Microsoft Office or OneDrive access; inability to connect to VPN or Aleph; or any unusual activity in our IT environment, including phishing attempts (internal or external), suspicious logins, unexpected permission changes, or anything that seems out of the ordinary.
Do not attempt to resolve security incidents yourself. Report first, then follow guidance from IT.
Your login credentials for any AQRM system are personal and non-transferable. Do not share passwords with anyone — including colleagues or IT staff. IT will never ask for your password.
Any time you leave your workstation unattended — even briefly — lock your screen. Win + L on Windows, Ctrl + Cmd + Q on macOS. This applies in the office and especially in public spaces.
Be sceptical of emails requesting urgent action, unusual downloads, or credential entry — even from internal-looking addresses. Verify with the sender through a separate channel before clicking links or attachments.
All company documents must be saved to the appropriate OneDrive folder — never to your local desktop or personal drives. This ensures version control, access continuity, and compliance with data retention policies.
Client portfolio information is strictly confidential. Do not share, forward, print, or discuss client data outside approved channels. Any accidental disclosure must be reported to your manager and IT immediately.
When working remotely, connect to the company VPN before accessing any internal system. Avoid public Wi-Fi without VPN active. Treat your home network with the same caution as a public one.
The automated weekly controls report distributed to your Outlook is not optional. Review it every week and escalate anything unexpected. Ignoring anomalies is a compliance risk for you and for the firm.
All business communication — client-related or internal — must go through approved company channels (Outlook, Teams). Do not use personal email, WhatsApp, or external platforms for company business.
If you encounter a system error, unexpected permission, or any security concern — report it to IT before attempting to resolve it yourself. Undocumented changes to access or systems create compliance gaps.
The acknowledgement form below captures responses locally as a lightweight demo. For a full auditable trail of who has viewed and agreed to these policies, the approaches below are recommended — from simplest to most robust.
Create a Microsoft Form (name, employee ID, confirmation checkbox). Embed it into this SharePoint page via the Forms web part. Responses log automatically to an Excel sheet in SharePoint with verified M365 identity and timestamp.
SharePoint modern pages have built-in analytics for site owners. Go to your page → Settings → Page details → View analytics. See unique viewers, view counts, and dates — all tied to verified M365 accounts.
Connect the acknowledgement form to a Power Automate flow that writes each submission to a SharePoint List or Excel file and sends a confirmation email to the employee and HR simultaneously.
Create a SharePoint List titled "Policy Acknowledgements." Employees submit their name and confirm — the list records their M365 identity, date, and time automatically. No external tools required.
Work with IT to configure an Azure AD Conditional Access policy requiring employees to acknowledge a Terms of Use document before accessing company resources. Logs stored in Azure AD with full timestamps.
Whichever method you choose, link the acknowledgement record to the employee's HR onboarding checklist. Requiring completion before IT provisions full access ensures no employee starts without reading the policy.
Note for IT: The acknowledgement form below uses in-browser session storage as a demo. For production, replace it with an embedded Microsoft Form or a Power Automate-connected SharePoint List to ensure persistent, auditable records tied to verified M365 identities.
Please complete the form below to confirm that you have read, understood, and agree to comply with AQRM's systems, access policies, and good practice guidelines outlined on this page. Your response is logged automatically.
1. Confidentiality. All client data, portfolio information, internal reports, and company processes are strictly confidential. You must not disclose any such information to unauthorised parties, inside or outside the organisation.
2. System Access. You will only access systems, files, and data your role requires. You will not attempt to bypass, escalate, or circumvent access controls. Any access issues must be reported to IT.
3. Security Obligations. You will use strong, unique passwords, lock your screen when unattended, connect via VPN when off-site, and report any suspected phishing, breach, or unusual activity to IT immediately.
4. Data Storage. All company documents must be saved to OneDrive in the appropriate folder. Local storage of company data is not permitted.
5. Communication. All business-related communication must occur through approved company channels. Personal platforms may not be used for company business.
6. Compliance. You will read and act on your weekly automated controls report. Anomalies must be escalated to your manager without delay.
7. Incident Reporting. You agree to report — not resolve independently — any IT, security, or compliance incident you encounter during your employment at AQRM.
Your response is recorded in Microsoft Forms and logged automatically to the AQRM Onboarding Acknowledgements register. A confirmation will be sent to your work email. If you experience any issues submitting this form contact informationtechnology@aqrm.com.