Expert Advice Community

Comply with clause 9.1

Guest user, created Sep 15, 2016, last commented Sep 15, 2016
I am struggling with this portion of the 27001 standard. I have set up and pulled together the goals and objectives for our organization, but I seem to keep hitting a wall when trying to identify how to meet this clause. Do you have any samples or examples that may be able to help me move this forward?
Antonio Jose Segovia Sep 15, 2016

Answer:
To comply with clause 9.1, basically you need to perform monitoring, measurement, analysis and evaluation of your ISMS. How can you do this? One way is to use metrics. An example:

If an objective is to reduce backup failures (10%), you can perform periodic measurements (for example, each week) with this formula: Failed backups / Total backups. Then you can see how the measurements evolve.

Another example can be to reduce the number of unauthorized accesses to a critical server (15%), so you can use this formula: Unauthorized accesses / Total accesses. And see the evolution by performing periodic measurements.

This article can help you “How to perform monitoring and measurement in ISO 27001” : https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

And also this free webinar “ISO 27001 and ISO 27004: How to measure the effectiveness of information security?” : https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/

Finally, these materials will help you to know more about how to measure your ISMS:
- free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/

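The two metrics in the answer above, computed over constructed sample data as an added example (this is not code from the original post or from Advisera). It assumes each log record is a (date, outcome) pair, groups records by ISO week, computes failures / total per week, and compares the latest week against the first week as the baseline to decide whether the stated reduction target (10% for backups, 15% for unauthorized access) has been met. The record layout, the weekly grouping and the baseline rule are all assumptions for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records, not taken from the original post.
# Each BACKUP_LOG entry is (ISO date, outcome) for one backup job.
BACKUP_LOG = (
    [("2016-09-05", "ok")] * 8 + [("2016-09-06", "fail")] * 2      # week 36: 2/10 failed
    + [("2016-09-12", "ok")] * 9 + [("2016-09-13", "fail")]         # week 37: 1/10 failed
)
# Each ACCESS_LOG entry is (ISO date, result) for one access to the critical server.
ACCESS_LOG = (
    [("2016-09-07", "authorized")] * 16 + [("2016-09-08", "unauthorized")] * 4   # week 36: 4/20
    + [("2016-09-14", "authorized")] * 16 + [("2016-09-15", "unauthorized")] * 4  # week 37: 4/20
)


def iso_week(day: str) -> str:
    """Map an ISO date string to its ISO year-week label, e.g. '2016-W36'."""
    year, week, _ = date.fromisoformat(day).isocalendar()
    return f"{year}-W{week:02d}"


def weekly_rates(records, is_failure):
    """Return {week: failures / total} in chronological order.

    Weeks with no records are omitted rather than reported as 0,
    so a gap in logging is not mistaken for a perfect week.
    """
    totals = defaultdict(int)
    failures = defaultdict(int)
    for day, outcome in records:
        week = iso_week(day)
        totals[week] += 1
        if is_failure(outcome):
            failures[week] += 1
    return {week: failures[week] / totals[week] for week in sorted(totals)}


def objective_met(rates, reduction):
    """True if the latest weekly rate is at least `reduction` (fraction) below the baseline week.

    Returns None when fewer than two weeks are available: one data point is a
    measurement, not a trend, and should not be reported as pass or fail.
    """
    if len(rates) < 2:
        return None
    values = list(rates.values())
    baseline, latest = values[0], values[-1]
    if baseline == 0:
        return latest == 0  # nothing to reduce; only a regression would fail
    return latest <= baseline * (1 - reduction)


def backup_failure_rates():
    return weekly_rates(BACKUP_LOG, lambda outcome: outcome == "fail")


def unauthorized_access_rates():
    return weekly_rates(ACCESS_LOG, lambda result: result == "unauthorized")


if __name__ == "__main__":
    for name, rates, target in (
        ("Backup failures", backup_failure_rates(), 0.10),
        ("Unauthorized access", unauthorized_access_rates(), 0.15),
    ):
        trend = ", ".join(f"{w}: {r:.0%}" for w, r in rates.items())
        print(f"{name}: {trend} -> target met: {objective_met(rates, target)}")
```

Keeping the raw counts (not just the ratio) is worth it in practice: a week with two backups and one failure shows 50% but says little, so the evaluation record for clause 9.1 should carry both the ratio and the denominator.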
