This process aims to allow FundApps to continually improve the suitability, adequacy and effectiveness of the information security management system.
Nonconformities of FundApps' Information Security Management System with ISO 27001:2013.
FundApps shall implement the following process when nonconformities arise:
FundApps shall react to the nonconformity as applicable by taking action to control and correct it and deal with its consequences.
FundApps shall evaluate the need for action to eliminate the causes of the nonconformity to ensure it does not occur again.
To do so FundApps shall:
review the nonconformity;
determine the cause of the nonconformity; and
determine if similar nonconformities exist or could potentially occur.
FundApps shall implement actions required to address the root cause of the nonconformity.
FundApps shall review the effectiveness of the remediation actions which have been taken and make further changes to the ISMS if necessary.
FundApps shall retain evidence of:
the nature of the nonconformities and any subsequent action taken, and
the result of any remediation actions.
Non-conformities will be logged in , a ticketing system.
The remediation action and a deadline will be logged in for each non-conformity.
Once the action has been implemented, the corresponding story will be marked as done.