Performance Evaluation

| What will be monitored & measured | Methods for monitoring & measurement | Metrics used to measure | Target | When will it be done | Who shall monitor & measure |
| --- | --- | --- | --- | --- | --- |
| Protection of sensitive data managed by FundApps' Information Systems | Incident register | # of data breaches in last 12 months | 0 | Annually and after an incident has occurred | Information Security Lead |
| Information Systems misused, damaged or abused | Incident register | # of C1 or C2 security incidents in last 12 months | 0 | Annually and after an incident has occurred | Information Security Lead |
| Demonstrate a high level of competence and expertise in Information Security | Client dissatisfaction with security practices | # of clients lost due to Information Security issues in last 12 months | 0 | Annually | Information Security Lead |
| Demonstrate a high level of competence and expertise in Information Security | Prospect dissatisfaction with security practices | # of deals with prospects lost due to Information Security issues in last 12 months | <5% of closed-lost deals | Annually | Information Security Lead |
| Compliance with security standards | ISO certification audit | ISO 27001 certification achieved | Yes | Annually | Information Security Lead |
| Compliance with security standards | SOC 2 Type II Report | SOC 2 Type II Report maintained in last 12 months | Yes | Annually | Information Security Lead |
| Foster a culture of security awareness within FundApps | Incident register | # of C1, C2 or C3 security incidents resulting from lack of security awareness (e.g. phishing) in last 12 months | 0 | Annually and after an incident has occurred | Information Security Lead |
| Information Security and Business Continuity Risks | Risk assessments and reviews | # of risks above the risk tolerance level | 0 | Annually and when a new risk is identified | Information Security Lead |
| Audit Findings | Internal or external audit | # and severity of findings identified during last internal audit | 0 major non-conformities | Following an internal or external audit | Information Security Lead |
| Liability due to an Information Security Incident | Lawsuits | # of lawsuits, fines or losses due to a security incident in last 12 months | 0 | Annually and following a lawsuit | Information Security Lead |
| Business Continuity Plan Effectiveness | BCP test report | Impact the last activation of the BCP had on business activity and clients | No impact | Annually | Information Security Lead |
| Disaster Recovery Plan Effectiveness | DR test report | Service return time during last DR test | Return time < 4 hours | Annually | Information Security Lead |
| Security of FundApps' platform | Penetration test report | # and severity of findings in last penetration test | 0 Critical and High vulnerabilities | Annually | Information Security Lead |
Analysis of performance
Based on these indicators, FundApps will assess whether its ISMS is performing effectively and whether the root causes of any underperformance are being identified and managed appropriately.
Management Review
At least once per calendar year, a review of the ISMS will be carried out to ensure its continuing suitability, adequacy and effectiveness.
Attendees
The annual management review meeting will have the following attendees:
the ISMS Implementer,
the ISMS Manager, and
at least one member from the Leadership Team, which can be the ISMS Manager.
Agenda
The agenda will include the following topics:
Status of actions from previous management reviews
Relevant changes in external and internal issues
Performance of the ISMS
Audit results, non-conformities and corrective actions
Monitoring and measurement results
Information Security Objectives
Feedback from interested parties
Results of risk assessment and status of risk treatment plan
Opportunities for continual improvement