Greetings all.
I have a question about one of the topics to be addressed during the ISO 27001 Management Review: the fulfillment of the security objectives. I have some challenges presenting this topic.
To fulfill this requirement I was thinking of addressing the ISO 27001 6.2 requirements (6.2.f what will be done, 6.2.g what resources will be required, 6.2.h who will be responsible, 6.2.i when it will be completed, 6.2.j how the results will be evaluated) through a table that would contain columns for these different topics:
- Recommendation (from the risk assessment)
- Risks (covered by the recommendation)
- Roadmap Project (which contains all the details of the resources, the deadline, and the responsible person)
- Related Security Objective
- Related KPI with target
- Progress Status of the project
Is it something that you think can help address this?
Thanks for your valuable recommendations.
Please note that for the management review you can use less information (e.g., Related Security Objective, Related KPI with the target, the deadline, and the responsible person), because the other information required by clause 6.2 can be defined only in the Risk Treatment Plan.
To see a measurement report that can be used to review security objectives during the Management Review that is compliant with ISO 27001, please take a look at this template:
- Measurement Report https://advisera.com/27001academy/documentation/measurement-report/
For further information about security objectives, please see:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
Sep 20, 2022