Objective Plan

The following table describes the plan for 2025 to achieve FundApps' objectives.

| Objective | What will be done | Responsible | Resources required | Evaluation | Est. completion date |
| --- | --- | --- | --- | --- | --- |
| 1) Ensure the protection of non-public data managed by FundApps' Information Systems. | Reduce the need to access client environments for Client Success staff. | Security team | Security team, Engineering time, CS team | CS can manage the health of a client without the need to log into a client environment. | End of December 2025 |
| 2) Ensure the protection of all FundApps Information Systems against the risks of unauthorised access, misuse, damage and abuse. | Implement new security practices (i.e., threat modeling & bug bounty). | Security team | Budget for bug bounty program, Engineering time, Security team | Bug bounty program implemented for a trial period. Teams conducted threat modeling on all new systems. | End of December 2025 |
| 3) Maintain compliance with security standards. | Maintain a SOC 2 Type II Report and ISO 27001 attestations. | Security team | Internal and external auditors | Results of ISO 27001:2022 and SOC 2 audits. | End of December 2025 |
| 4) Maintain a cycle of continuous improvement. | Remediate findings identified by audits. | Security team | Ad-hoc | All non-conformities have been remediated. | End of December 2025 |
| 5) Foster a culture of security awareness within FundApps. | Provide team-specific Information Security training. | Security team | Security team time | Provided targeted training for staff with higher rates of security incidents. Results of an advanced phishing exercise. | End of December 2025 |
| 6) Demonstrate a high level of competence and expertise in Information Security. | Ensure that our platform upholds top-tier security features. | Security team | Security team, Engineering time | Implemented an audit trail streaming feature to integrate with the client's SIEM tools. | End of December 2025 |
| 7) Protect FundApps from liability or damage due to an Information Security Incident. | Reduce the security impact of third-party agents. | Security team | Security team, Engineering time | Reduced number of third-party agents on endpoints and production infrastructure. Evaluated residual risk of all remaining agents. | End of December 2025 |
| 8) Comply with new and upcoming regulations. | Comply with DORA regulation. | Security team | Security team, Legal team | Implemented policies and guidelines that will ensure our compliance with DORA. | January 17, 2025 |
| 9) Strengthen Platform Resilience and Disaster Recovery. | Broaden scenario coverage, automate DR plan execution, and integrate DR plans into incident management procedures. | Security team | Security team, Engineering time | Reduced time to run disaster recovery tests. DR plans are integrated into incident management procedures. | End of December 2025 |