LogoLogo
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
Current Version
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome to FundApps' Policy Portal
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan for a 3 year cycle
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
      • Third Party Risk Management
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
      • The FundApps Code for Third Parties
  • Legal Information
    • 📖General Terms
      • Fair Usage Policy
      • Third Party Data Provider Terms
    • DORA
      • Operational Resilience Statement
      • Statement on Contractual Compliance
      • Subcontractors and Service Location
      • Threat-Led Penetration Tests (TLPT) Policy
    • Insurance
    • 🌍Carbon Neutral
  • Policy Change Log
    • March 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • August 2024
    • July 2024
    • June 2024
    • April 2024
    • February 2024
    • January 2024
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • February 2023
    • December 2022
    • October 2022
    • September 2022
    • June 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Objective Plan

The following table describes the plan for 2025 to achieve FundApps' objectives.

Objective
What will be done
Responsible
Resources required
Evaluation
Est. completion date

1) Ensure the protection of non-public data managed by FundApps' Information Systems.

Reduce the need to access client environments for Client Success staff

Security team

Security team, Engineering time, CS team

CS can manage the health of a client without the need to log into a client environment.

End of December 2025

2) Ensure the protection of all FundApps Information Systems against the risks of unauthorised access, misuse, damage and abuse.

Implement new security practices (i.e., threat modeling & bug bounty).

Security team

Budget for Bug bounty program, Engineering time, Security team

Bug bounty program implemented for a trial period. Teams conducted threat modeling on all new systems.

End of December 2025

3) Maintain compliance with security standards.

Maintain a SOC 2 Type II Report and ISO 27001 attestations.

Security team

Internal and External auditors

Results of an ISO 27001:2022 and SOC 2 audits

End of December 2025

4) Maintain a cycle of continuous improvement.

Remediate findings identified by audits.

Security team

Ad-hoc

All non-conformities have been remediated

End of December 2025

5) Foster a culture of security awareness within FundApps.

Provide team specific Information Security training.

Security team

Security team time

Provided targeted training for staff with higher rates of security incidents. Results of an advanced phishing exercise

End of December 2025

6) Demonstrate a high level of competence and expertise in Information Security

Ensure that our platform upholds top-tier security features.

Security team

Security team, Engineering time

Implemented an audit trail streaming feature to integrate with the client’s SIEM tools

End of December 2025

7) Protect FundApps from liability or damage due to an Information Security Incident.

Reduce the security impact of third party agents

Security team

Security team, Engineering time

Reduced number of third-party agents on endpoints and production infrastructure. Evaluated residual risk of all remaining agents.

End of December 2025

(8) Comply with new and upcoming regulations.

Comply with DORA regulation

Security team

Security team, Legal team

Implemented policies and guidelines that will ensure our compliance with DORA

January 17, 2025

(9) Strengthen Platform Resilience and Disaster Recovery

Broaden scenario coverage, automate DR plan execution, and integrate DR plans into incident management procedures.

Security team

Security team, Engineering time

Reduced time to run Disaster recovery tests. DR plans are integrated into incident management procedures.

End of December 2025

PreviousStatement of ApplicabilityNextRoles, Responsibilities and Organisation

Last updated 1 month ago

Was this helpful?