How often do you hold management meetings that focus on information security? If you take the matter seriously and want your business to keep pace with cyber threats, maintain vigilance and run regular risk assessments, you would do well to consider the following 4-Step ISMS Review Meeting protocol:
- Pre-Meeting Action
Confirm the meeting date and circulate the date, time and agenda to all invitees.
Review the agenda items and ensure that all supporting collateral and key documents are available and linked.
- Meeting Plan, Date and Minutes
Objective of the meeting (example): review the effectiveness of the ISMS, including:
- Actions from previous Management Reviews
- Changes in external and internal issues that are relevant to the ISMS
- Regulatory or legal requirements
- Contractual obligations
Audit Activities: Controls, Clauses, Suppliers, Locations etc.
Feedback on information security performance, including:
- Nonconformances and corrective actions
- Monitoring and measurement results
- Audits – findings and conclusions
- Fulfilment of information security objectives
- Review of information security strategy, plans, roles and responsibilities
- Information security resourcing including budget and return on security investments
Feedback from interested parties: Directors, Staff, Suppliers, Customers
Results of risk assessments and status of risk treatment plan
Opportunities for continual improvements and their progress
- Decisions related to continual improvement opportunities
- Any need for changes to the ISMS
- Resource requirements
- Recommendations for improvement
- Next Management Review date
- Any Other Business
Clearly, Information Security Management Reviews are fundamental to monitoring the performance of the ISMS and to ensuring that the time and resources invested in it deliver a return.
The Management Reviews module of the 27k1 ISMS software allows every aspect of the ISMS to be opened up for discussion, from scheduling meetings and sending invitations through the integrated Office 365 functionality to issuing agendas and recording the minutes. This complete solution draws together all supporting documentation, which is stored in and accessed from whichever Document Management System the user chooses.
The 27k1 ISMS Management Review module allows nonconformances, actions and continual improvements to be raised and reviewed within meetings, leading to the automatic creation of dashboard-style reports that present full, "at-a-glance" information to senior management. Elsewhere in the system, the Audit Manager provides full audit and reporting capability across the ISMS.
For companies that take information security seriously and want to "make it happen", the 27k1 ISMS software delivers everything you need to comply with ISO 27001, pass audit and achieve certification.