ISO 27001 maintenance mode after implementation mode

We've received the following question: We recently achieved our ISO certification on Friday last - the 28 Feb. However I have been looking on your blog to find out what is the process -if any- to transition from implementation mode to maintenance mode and if there are any critical items that need to be closed off/completed before this can happen? We are still keenly in ‘ISO operational mode’ and are now looking at including the rest of the business in scope (we had a limited scope initially) but at present we want to wind down activity and e.g reduce the frequency and attendance of the ISMS team meetings and suchlike. Are there any guidelines for what should still happen post audit while leaving the implementation phase behind and how to get into that mode? Answer: Regarding your description I can assume that you already sent to the certification body the CAP (Corrective Action Plan) to the non conformities arised during the audit, because this is the most critical item. The actions you mentioned in CAP should be treated in accordance with the scheduled timeframe yo u refered in the document. If you had no nonconformity you shouldn't be required to send a Corrective Action Plan. To get "in maintenance mode after implementation mode" it is just following the policies, processes, procedures and controls you've just included in your system and get the focus in the performance of the indicators you have selected, completing the PDCA cycle. If your team is motivated and you have the management commitment to include the rest of the business in the scope, please proceed in that way and increase the maturity level of the system. Thanks