LogoLogo
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome to FundApps' Policy Portal
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan for a 3 year cycle
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
      • Third Party Risk Management
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
      • The FundApps Code for Third Parties
  • Legal Information
    • 📖General Terms
      • Fair Usage Policy
      • Third Party Data Provider Terms
    • DORA
      • Operational Resilience Statement
      • Statement on Contractual Compliance
      • Subcontractors and Service Location
      • Threat-Led Penetration Tests (TLPT) Policy
    • Insurance
    • 🌍Carbon Neutral
  • Policy Change Log
    • March 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • August 2024
    • July 2024
    • June 2024
    • April 2024
    • February 2024
    • January 2024
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • February 2023
    • December 2022
    • October 2022
    • September 2022
    • June 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Roles and Responsibilities
  • ISMS Manager
  • ISMS Implementer
  • ISMS Internal Auditor
  • Leadership Team
  • FundApps staff
  • Organisation
  • Competence

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Roles, Responsibilities and Organisation

Roles and Responsibilities

ISMS Manager

The CTO shall ensure FundApps allocates the appropriate resources to ensure the ISMS' conformity with the ISO 27001 standard and shall report the performance of the ISMS to the Leadership team.

ISMS Implementer

The Head of Information Security shall maintain the ISMS, assess its conformity with the ISO 27001 standard, define appropriate corrective actions and report its performance to the CTO.

ISMS Internal Auditor

The internal auditor, who can be a staff member or a consultant, shall perform an impartial internal audit against the requirements of the ISO 27001 standard, and follow-up on the internal audit results to achieve continual improvement.

Leadership Team

The leadership team will ensure the performance of the ISMS aligns with FundApps' business objectives.

FundApps staff

Finally all FundApps staff members contribute to the ISMS, FundApps' security policies and procedures.

Organisation

The following diagram details the organisation between the staff who have a role in the ISMS.

Competence

FundApps assesses the competencies of those who play a role in the ISMS based on the table below:

Role
Competencies
How competencies are assessed
Criteria to assess competencies
Action Plan to address shortcomings
Desired level of competency

ISMS Manager

Technical Leadership experience.

Technical and architectural expertise.

Experience in an environment with high security requirements.

Competencies are assessed during recruitment process and during annual review.

Assess experience against match those set out in competencies column.

External Information Security Training

>1 year experience leading a Technology team. Degree in Computer Science >1 year experience working in a company with high security requirements (e.g. Financial Institution).

ISMS Implementer

Information Security Leadership experience.

Information Security expertise.

Information Security Certifications.

Competencies are assessed during recruitment process and during annual review.

Assess experience, expertise and certifications against match those set out in competencies column.

External Information Security Training

>1 year experience leading an Information Security team Degree in Information Security Management Systems Information Security Certification

ISMS Internal Auditor

Auditor experience.

ISO 27001 expertise.

Competencies are assessed during recruitment/purchasing process for Internal auditor and/or during annual review.

Assess experience and expertise.

External Information Security Training

>1 year experience as auditor ISO 27001 Lead Auditor certification

Leadership Team,

FundApps Staff

Knowledge of FundApps' Information Security Policies

Knowledge on how to react to most common security threats (e.g. react to phishing emails)

Competencies are assessed during annual Information Security Test.

Assess compliance with Information Security Test.

FundApps InfoSec Training

Pass annual Information Security Test

If gaps are identified with the required competencies, FundApps will define a set of actions to remediate it. These actions may include training, mentoring or hiring or contracting competent persons.

PreviousObjective PlanNextPerformance Evaluation

Last updated 1 year ago

Was this helpful?