Third Party Risk Management

Objective

The purpose of this policy is to define the way in which FundApps manages third party risks.

Scope

This policy applies to all FundApps third parties which impact FundApps' Information System.

Policy

Initial Assessment

FundApps assesses the risk posed by all third party providers which interact with FundApps' Information System.

This assessment is based on the review of security accreditations the third party might hold (e.g. ISO 27001 certificate, SOC 2 report) as well as specific questions tailored to the Third Party provider.

Regular Review

FundApps reviews the risks posed by critical Third Party providers on an annual basis.

This review is logged in FundApps' monthly security meeting.

Roles and Responsibilities

| Role | Responsibility |
| --- | --- |
| Security Team | Perform risk assessment of third party provider |
| System Owner (Supplier Relationship Manager) | Describe the nature of the third party relationship. Facilitate review of third party provider. |

Risks identified through this process will be managed in accordance with FundApps' Risk Management Framework.