ISO 27001 / Planned intervals
Management review must be performed at least once a year.
By the way, if your top management doesn't care at all about your information security, then you have a serious problem - therefore, a management review shouldn't be just another compliance job, but a serious consideration from the management point of view on how your security is performing.
This article can also help you: Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
It's not that they are not committed, but we cannot say that the meeting is on the 3rd of January every year. They have meetings with clients, or we didn't prepare the management review points, so we delay the meetings.
Jan 12, 2016