# Information Systems Register FundApps' information systems register \[[Restricted to FundApps staff](https://fundapps.whistic.com/v2/console/dashboard)] contains any system (internal or external) that holds or permits access to information assets in our [information asset register](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/information-asset-register.md). For example, this includes: * Client instances * Amazon AWS (production data) * Google Mail (our own internal communications) ## Identification Information systems are identified as part of: * Supplier Review Procedure * Monthly security review meetings * Our software development lifecycle * Everyday working practice ## Third-party vendors This register includes information systems that FundApps depends on and that third-party vendors manage. As such, we evaluate business continuity and sufficient security controls as part of our assessment process. ## Assessment For each information system identified, we * Assign an owner (Supplier Relationship Manager) for the system. * Identify the business criticality. * Identify the [data classification](/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/data-classification.md) the system falls under based on the maximum data classification of the information stored. * Based on the data classification, identify information security and business continuity controls. This information is stored in our Third-Party Risk Management System. * Identify any specific risks relating to this third party and record them in our * Third-Party Risk Management System, * The Information Security Risk Register, * Business Continuity Risk Register, or * DPIA. ## Review Information systems are reviewed as part of our monthly security review meetings. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://policies.fundapps.co/client-portal/-LubIC9uIsME-_T0mNXu/fundapps-policies/risk-management/information-systems-register.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.