Objective Plan
The following table describes the plan for 2021 to achieve FundApps' objectives.
| Objective | What will be done | Responsible | Resources required | Evaluation | Est. completion date |
|---|---|---|---|---|---|
| 1) Ensure the protection of non-public data managed by FundApps' Information Systems. | Implement conditional access to apply the same controls on BYOD as on corporate devices | Information Security Lead | External expertise on conditional access | Conditional Access has been deployed to Okta | End of December 2021 |
| 2) Ensure the protection of all FundApps Information Systems against the risks of unauthorised access, misuse, damage and abuse. | Automate security testing for Infrastructure as Code | Information Security Lead | Recurrent budget | Automated security testing for IaC implemented in build pipeline | End of June 2021 |
| 3) Demonstrate a high level of competence and expertise in Information Security. | Maintain a SOC 2 Type II Report | Information Security Lead | External auditor | SOC 2 Type II Report | End of November 2021 |
| 4) Maintain compliance with security standards. | Obtain ISO 27001 certification | Information Security Lead | Internal and External auditors | ISO 27001 certification | End of November 2021 |
| 5) Foster a culture of security awareness within FundApps. | Provide security awareness training refresher for all staff | Information Security Lead | None | Security awareness refresher training provided to all staff | End of September 2021 |
| 6) Protect FundApps from liability or damage due to an Information Security Incident. | Review compliance with Privacy laws | Legal counsel | Recruit legal counsel | Compliance with privacy laws reviewed | End of December 2021 |
| 7) Maintain a cycle of continuous improvement. | Remediate findings identified by ISO 27001 readiness assessment and Internal audit | Information Security Lead | None | All non-conformities have been remediated | End of July 2021 |