LogoLogo
v2021-07
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
v2021-07
Current Versionv2018-04v2019-09v2019-11v2020-03v2020-05v2020-08v2021-01v2021-07v2021-10
  • Welcome
  • FundApps Policies
    • Technical & Platform Overview
    • Software Development
    • Risk Management
      • Risk Management Framework
      • Information Asset Register
      • Information Systems Register
      • Data Classification and Protection Standard
    • Information Security Management System
      • Information Security Management Policy
      • Scope
      • Statement of Applicability
      • Objective Plan
      • Roles, Responsibilities and Organisation
      • Performance Evaluation
      • Internal Audit Policy
      • Internal Audit Plan 2021
      • Continual Improvement Process
      • Internal and External Communication Plan
      • Document Control Policy
    • Information Security Policies
      • Client Services Access to Client Environments
      • Employee Guide
      • Security Awareness Program
      • Social Media
      • Access Control
      • Physical Security
      • Network Security
      • Logging, Monitoring and Alerting
      • Incident Response
      • Data Backups
      • Privacy Policy
      • Vulnerability Management Policy
      • Security Exception Management Policy
      • Information Security Risk Register
      • Data Retention Policy
      • Patch Management Policy
    • Business Continuity
      • Business Continuity Management System
      • Business Continuity Policy
      • Business Continuity Risk Register
      • Technical Resilience
      • Business Continuity Documents
    • Personnel & Safety
      • Overview
      • Code of Conduct
      • Health and Safety
      • Third party vendors
  • Policy Change Log
    • July 2021
    • January 2021
    • August 2020
    • May 2020
    • March 2020
    • November 2019
    • September 2019
Powered by GitBook
On this page
  • Objective
  • Scope
  • Policy
  • React to the nonconformity
  • Evaluate the root cause
  • Remediate root cause
  • Determine effectiveness of the remediation
  • Retain evidence

Was this helpful?

Export as PDF
  1. FundApps Policies
  2. Information Security Management System

Continual Improvement Process

Objective

This process aims to allow FundApps to continually improve the suitability, adequacy and effectiveness of the information security management system.

Scope

Nonconformities of FundApps' Information Security Management System with ISO 27001:2013.

Policy

FundApps shall implement the following process when nonconformities arise:

React to the nonconformity

FundApps shall react to the nonconformity as applicable by taking action to control and correct it and deal with its consequences.

Non-conformities will be logged in ClubHouse, a ticketing system.

Evaluate the root cause

FundApps shall evaluate the need for action to eliminate the causes of the nonconformity to ensure it does not occur again.

To do so FundApps shall:

  • review the nonconformity;

  • determine the cause of the nonconformity; and

  • determine if similar nonconformities exist or could potentially occur.

The remediation action and a deadline will be logged in ClubHouse for each non-conformity.

Remediate root cause

FundApps shall implement actions required to address the root cause of the nonconformity.

Once the action has been implemented, the corresponding ClubHouse story will be marked as done.

Determine effectiveness of the remediation

FundApps shall review the effectiveness of the remediation actions which have been taken and make further changes to the ISMS if necessary.

Retain evidence

FundApps shall retain evidence of:

  • the nature of the nonconformities and any subsequent action taken, and

  • the result of any remediation actions.

PreviousInternal Audit Plan 2021NextInternal and External Communication Plan

Last updated 3 years ago

Was this helpful?