I have implemented ISMS in my company 2 years before and all the objectives which I have proposed during the implementation are already completed. I need to establish new ISMS objectives for the next 2 years at least. I have below doubts in mind:
- How should I proceed in this case? New ISMS objectives will depend upon which factors? How can I make new objectives?
- What will happen to my objectives which have been completed?
- Do I need to keep a record for them for management review in the future?
- Do I need to make any implementation plan for the new objectives and how they will be achieved?