
September 2019

Information Security > Employee Guide

  • Rule added to forbid credential sharing and obligation to change and report compromised credentials;

  • References to tools updated (e.g. 1Password);

  • Links updated in Further reading.

Information Security > Security Awareness Program

  • Aligned policy to our current practices (e.g. added dev talk on OWASP vulnerability).

Information Security > Access Control

  • Added quarterly access review for Rapptr and AWS Production environment access.

Information Security > Security Incident Response Policy

  • Corrected typos.

Information Security > Vulnerability Management Policy

  • New Vulnerability Management Policy

Information Security > Information Security Framework

  • Replaced Data Protection Act with GDPR

  • Added summary of GDPR

  • Added reference to NIST Cyber Security Framework

Risk Management > Risk Management Framework

  • Added a risk appetite statement.

Risk Management > Data Classification Standard

  • Simplified descriptions of data classification ratings;

  • Reviewed list of existing data classification ratings;

  • Removed references to systems not used anymore;

  • Simplified rules on data transmission and storage;

  • Removed references to Data Protection Act;

  • Added reference to InfoSecLead.

Business Continuity > Business Continuity Framework

  • Removed references to commissioning OPREL

  • Changed responsibility for maintaining BCMS from CTO to Information Security Lead;

  • Merged awareness and communication paragraphs;

  • Added headings for incident detection, Crisis Management activation and management of staff contact details;

  • Removed paragraphs which repeated each other;

  • Simplified paragraph on Framework review and improvements.


Last updated 2 years ago
