Continual Improvement Process

Objective

This process aims to allow FundApps to continually improve the suitability, adequacy and effectiveness of the information security management system.

Scope

Nonconformities of FundApps' Information Security Management System with ISO 27001:2013.

Policy

FundApps shall implement the following process when nonconformities arise:

React to the nonconformity

FundApps shall react to the nonconformity as applicable by taking action to control and correct it and deal with its consequences.

Nonconformities will be logged in ClubHouse, a ticketing system.

Evaluate the root cause

FundApps shall evaluate the need for action to eliminate the causes of the nonconformity to ensure it does not occur again.

To do so, FundApps shall:

  • review the nonconformity;

  • determine the cause of the nonconformity; and

  • determine if similar nonconformities exist or could potentially occur.

The remediation action and a deadline will be logged in ClubHouse for each nonconformity.

Remediate root cause

FundApps shall implement actions required to address the root cause of the nonconformity.

Once the action has been implemented, the corresponding ClubHouse story will be marked as done.

Determine effectiveness of the remediation

FundApps shall review the effectiveness of the remediation actions which have been taken and make further changes to the ISMS if necessary.

Retain evidence

FundApps shall retain evidence of:

  • the nature of the nonconformities and any subsequent action taken, and

  • the result of any remediation actions.
