Roles, Responsibilities and Organisation
Roles and Responsibilities
ISMS Manager
The CTO shall ensure FundApps allocates the appropriate resources to ensure the ISMS' conformity with the ISO 27001 standard and shall report the performance of the ISMS to the Leadership team.
ISMS Implementer
The Head of Information Security shall maintain the ISMS, assess its conformity with the ISO 27001 standard, define appropriate corrective actions and report its performance to the CTO.
ISMS Internal Auditor
The internal auditor, who can be a staff member or a consultant, shall perform an impartial internal audit against the requirements of the ISO 27001 standard and follow up on the internal audit results to achieve continual improvement.
Leadership Team
The leadership team will ensure the performance of the ISMS aligns with FundApps' business objectives.
FundApps staff
Finally, all FundApps staff members contribute to the ISMS and to FundApps' security policies and procedures.
Organisation
The following diagram shows how the staff members who have a role in the ISMS are organised.
Competence
FundApps assesses the competencies of those who play a role in the ISMS based on the table below (one entry per role; each entry lists the required competencies, when and how they are assessed, the training provided, and the evidence required):

ISMS Manager
  Competencies: Technical leadership experience; technical and architectural expertise; experience in an environment with high security requirements.
  When assessed: During the recruitment process and during the annual review.
  How assessed: Experience is checked against the competencies listed for this role.
  Training: External Information Security Training.
  Evidence required: >1 year experience leading a Technology team; degree in Computer Science; >1 year experience working in a company with high security requirements (e.g. a financial institution).

ISMS Implementer
  Competencies: Information Security leadership experience; Information Security expertise; Information Security certifications.
  When assessed: During the recruitment process and during the annual review.
  How assessed: Experience, expertise and certifications are checked against the competencies listed for this role.
  Training: External Information Security Training.
  Evidence required: >1 year experience leading an Information Security team; degree in Information Security Management Systems; Information Security certification.

ISMS Internal Auditor
  Competencies: Auditor experience; ISO 27001 expertise.
  When assessed: During the recruitment or purchasing process for the internal auditor and/or during the annual review.
  How assessed: Experience and expertise are assessed.
  Training: External Information Security Training.
  Evidence required: >1 year experience as an auditor; ISO 27001 Lead Auditor certification.

Leadership Team and FundApps Staff
  Competencies: Knowledge of FundApps' Information Security Policies; knowledge of how to react to the most common security threats (e.g. how to react to phishing emails).
  When assessed: During the annual Information Security Test.
  How assessed: Compliance with the Information Security Test is assessed.
  Training: FundApps InfoSec Training.
  Evidence required: Pass the annual Information Security Test.
If gaps are identified against the required competencies, FundApps will define a set of actions to remediate them. These actions may include training, mentoring, or hiring or contracting competent persons.