Performance Evaluation

| What will be monitored & measured | Methods for monitoring & measurement | Metrics used to measure | Target | When will it be done | Who shall monitor & measure |
|---|---|---|---|---|---|
| Protection of sensitive data managed by FundApps' Information Systems | Incident register | # of data breaches in last 12 months | 0 | Annually and after an incident has occurred | Security Team |
| Information Systems misused, damaged or abused | Incident register | # of C1 or C2 security incidents in the last 12 months | 0 | Annually and after an incident has occurred | Security Team |
| Information Systems misused, damaged or abused | Incident register | # of C1, C2 or C3 security incidents in the last 12 months linked to a third-party supplier | 0 | Annually and after an incident has occurred | Security Team |
| Demonstrate a high level of competence and expertise in Information Security | Client dissatisfaction with security practices | # of clients lost due to Information Security issues in last 12 months | 0 | Annually | Security Team |
| Demonstrate a high level of competence and expertise in Information Security | Prospect dissatisfaction with security practices | # of deals with prospects lost due to Information Security issues in last 12 months | <5% of closed-lost deals | Annually | Security Team |
| Compliance with security standards | ISO certification audit | ISO 27001 certification maintained | Yes | Annually | Security Team |
| Compliance with security standards | SOC 2 Type II report | SOC 2 Type II report maintained in last 12 months | Yes | Annually | Security Team |
| Foster a culture of security awareness within FundApps | Incident register | # of C1, C2, C3 or Internal security incidents resulting from lack of security awareness (e.g. phishing) in last 12 months | 0 C1, 0 C2, 0 C3, <10 Internal | Annually and after an incident has occurred | Security Team |
| Foster a culture of security awareness within FundApps | Phishing test | % of users who click on test phishing emails | <5% | After each phishing test | Security Team |
| Foster a culture of security awareness within FundApps | Phishing test | % of users who report a test phishing email | >20% | After each phishing test | Security Team |
| Information Security and Business Continuity risks | Risk assessments and reviews | # of risks above the risk tolerance level | 0 | Annually and whenever a new risk is identified | Security Team |
| Audit findings | Internal or external audit | # and severity of findings identified during last internal audit | 0 major non-conformities | Following each internal or external audit | Security Team |
| Liability due to an Information Security incident | Lawsuits | # of lawsuits, fines or losses due to a security incident in last 12 months | 0 | Annually and following any lawsuit | Security Team |
| Business Continuity Plan effectiveness | BCP test report | Impact the last activation of the BCP had on business activity and clients | No impact | Annually | Security Team |
| Disaster Recovery Plan effectiveness | DR test report | Service return time during last DR test | All components' RTOs met; all components' RPOs met | Annually | Security Team |
| Security of FundApps' platform | Penetration test report | # and severity of findings in last penetration test | 0 Critical and High vulnerabilities | Annually | Security Team |

Analysis of performance

Based on these indicators, FundApps will assess whether its ISMS is performing effectively and whether the root causes of any underperformance are being identified and managed appropriately.

Management Review

At least once per calendar year, a review of the ISMS will be done to ensure its continuing suitability, adequacy and effectiveness.

Attendees

The annual management review meeting will have the following attendees:

  • the ISMS Implementer,

  • the ISMS Manager, and

  • at least one member of the Leadership Team, who may also be the ISMS Manager.

Agenda

The agenda will include the following topics:

  1. Status of actions from previous management reviews

  2. Relevant changes in external and internal issues

  3. Performance of the ISMS

    1. Audit results, non-conformities and corrective actions

    2. Monitoring and measurement results

    3. Information Security Objectives

  4. Feedback from interested parties

  5. Results of risk assessment and status of the risk treatment plan

  6. Opportunities for continual improvement

Last updated 2 years ago