LogoLogo
v2021-10
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
v2021-10
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan 2021
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
  • Policy Change Log
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Roles and Responsibilities
  • ISMS Manager
  • ISMS Implementer
  • ISMS Internal Auditor
  • Leadership Team
  • FundApps staff
  • Organisation
  • Competence

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Roles, Responsibilities and Organisation

Roles and Responsibilities

ISMS Manager

The CTO shall ensure FundApps allocates the appropriate resources to ensure the ISMS' conformity with the ISO 27001 standard and shall report the performance of the ISMS to the Leadership team.

ISMS Implementer

The Information Security Lead shall maintain the ISMS, assess its conformity with the ISO 27001 standard, define appropriate corrective actions and report its performance to the CTO.

ISMS Internal Auditor

The internal auditor, who can be a staff member or a consultant, shall perform an impartial internal audit against the requirements of the ISO 27001 standard, and follow-up on the internal audit results to achieve continual improvement.

Leadership Team

The leadership team will ensure the performance of the ISMS aligns with FundApps' business objectives.

FundApps staff

Finally all FundApps staff members contribute to the ISMS, FundApps' security policies and procedures.

Organisation

The following diagram details the organisation between the staff who have a role in the ISMS.

Competence

FundApps assesses the competencies of those who play a role in the ISMS based on the table below:

Role

Competencies

How competencies are assessed

ISMS Manager

Technical Leadership experience

Technical and architectural expertise

Experience in an environment with high security requirements

Competencies are assessed during recruitment process and ISMS annual review meeting.

ISMS Implementer

Information Security Leadership experience

Information Security expertise

Competencies are assessed during recruitment process and ISMS annual review meeting.

ISMS Internal Auditor

Auditor experience

ISO 27001 expertise

Competencies are assessed during recruitment/purchasing process and ISMS annual review meeting.

Leadership Team

FundApps Staff

Knowledge of FundApps' Information Security Policies

Knowledge on how to react to most common security threats (e.g. react to phishing emails)

Competencies are assessed during new joiner information security training and during annual refreshers.

If gaps are identified with the required competencies, FundApps will define a set of actions to remediate it. These actions may include training, mentoring or hiring or contracting competent persons.

PreviousObjective PlanNextPerformance Evaluation

Last updated 3 years ago

Was this helpful?