LogoLogo
Current Version
Current Version
  • Welcome to FundApps' Policy Portal
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan for a 3 year cycle
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
      • Cryptographic Policy
      • Information Security in Project Management
      • Information Transfer Policy
      • Third Party Risk Management
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
      • The FundApps Code for Third Parties
  • Legal Information
    • 📖General Terms
      • Fair Usage Policy
      • Third Party Data Provider Terms
    • DORA
      • Operational Resilience Statement
      • Statement on Contractual Compliance
      • Subcontractors and Service Location
      • Threat-Led Penetration Tests (TLPT) Policy
    • 📃Insurance
    • 🌍Carbon Neutral
  • 🤖AI
    • 💬FundApps Assistant (Intercom)
  • Policy Change Log
    • May 2025
    • March 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • August 2024
    • July 2024
    • June 2024
    • April 2024
    • February 2024
    • January 2024
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • June 2023
    • February 2023
    • December 2022
    • October 2022
    • September 2022
    • June 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • August 2021
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Year 1
  • Year 2
  • Year 3

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Internal Audit Plan for a 3 year cycle

PreviousInternal Audit PolicyNextContinual Improvement Process

Last updated 11 months ago

Was this helpful?

This plan describes how the Internal Audit will be split over 3 years, so that every 3 year cycle the entirety of FundApps' Information Security Management System has been audited.

Once a cycle of 3 years is completed, a new 3 year cycle will begin.

Year 1

This internal audit shall cover the following elements:

  • Clauses 4 to 10;

  • All Annex A controls in scope as per the .

The audit will be performed before the end of June of year 1.

Year 2

This internal audit shall cover the following elements:

  • Clauses 4 to 10;

  • Annex A controls in scope as per the from A.5.1. to A.6.8 included.

The audit will be performed before the end of June of year 2.

Year 3

This internal audit shall cover the following elements:

  • Clauses 4 to 10;

The audit will be performed before the end of June of year 3.

Annex A controls in scope as per the from A.7.1 to A.8.34 included.

statement of applicability
statement of applicability
statement of applicability