I have a question about one the topic to be addressed during the ISO 27001 Management Review. The Fulfillment of the security objectives.I have some challenges to present this topic.
To fulfill this requirement I was thinking of addressing the ISO 27001 6.2 requirements (6.2. f what will be done, 6.2.g, what resources will be required, 6.2.h who will be responsible, 6.2.i when it will be complete, 6.2.j how the results will be evaluated) through a table that would contain columns for these different topics:
Recommendation (from the risks assessment)
Risks (covered by the recommendation)
Roadmap Project (which contain all the details of the resources, the deadline, the responsible)
Related Security Objective
Related KPI with target
Progress Status of the project.
Is it something that you think can help address this ?
Thanks for your valuable recommendations.