1 of 1

Internal Audit Plan for a 3 year cycle

This plan describes how the Internal Audit will be split over 3 years, so that every 3 year cycle the entirety of FundApps' Information Security Management System has been audited.

Once a cycle of 3 years is completed, a new 3 year cycle will begin.

Year 1

This internal audit shall cover the following elements:

Clauses 4 to 10;

The audit will be performed before the end of June of year 1.

Year 2

This internal audit shall cover the following elements:

Clauses 4 to 10;

The audit will be performed before the end of June of year 2.

Year 3

This internal audit shall cover the following elements:

Clauses 4 to 10;

The audit will be performed before the end of June of year 3.

Internal Audit Plan for a 3 year cycle

This plan describes how the Internal Audit will be split over 3 years, so that every 3 year cycle the entirety of FundApps' Information Security Management System has been audited.

Once a cycle of 3 years is completed, a new 3 year cycle will begin.

Year 1

This internal audit shall cover the following elements:

Clauses 4 to 10;
All Annex A controls in scope as per the .

The audit will be performed before the end of June of year 1.

Year 2

This internal audit shall cover the following elements:

Clauses 4 to 10;
Annex A controls in scope as per the from A.5.1. to A.6.8 included.

The audit will be performed before the end of June of year 2.

Year 3

This internal audit shall cover the following elements:

Clauses 4 to 10;
Annex A controls in scope as per the from A.7.1 to A.8.34 included.

The audit will be performed before the end of June of year 3.