This process aims to allow FundApps to continually improve the suitability, adequacy and effectiveness of the information security management system.
Nonconformities of FundApps' Information Security Management System with ISO 27001:2013.
FundApps shall implement the following process when nonconformities arise:
FundApps shall react to the nonconformity as applicable by taking action to control and correct it and deal with its consequences.
Non-conformities will be logged in ClubHouse, a ticketing system.
FundApps shall evaluate the need for action to eliminate the causes of the nonconformity to ensure it does not occur again.
To do so FundApps shall:
review the nonconformity;
determine the cause of the nonconformity; and
determine if similar nonconformities exist or could potentially occur.
The remediation action and a deadline will be logged in ClubHouse for each non-conformity.
FundApps shall implement actions required to address the root cause of the nonconformity.
Once the action has been implemented, the corresponding ClubHouse story will be marked as done.
FundApps shall review the effectiveness of the remediation actions which have been taken and make further changes to the ISMS if necessary.
FundApps shall retain evidence of:
the nature of the nonconformities and any subsequent action taken, and
the result of any remediation actions.