Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

ISO 27001 / Planned intervals

Hi , can anyone please explain : Planned internals ? Shall I plan for example the management review : every year , every 6 months ? Because it is hardly possible , They are busy people and I meet them when possible planned dates that can be advanced or delayed , it depends on their availability.

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

Management review must be performed at least once a year.

By the way, if your top management doesn't care at all about your information security, then you have a serious problem - therefore, a management review shouldn't be just another compliance job, but a serious consideration from the management point of view on how your security is performing.

This article can also help you: Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/

Quote

0 0

Guest

Guest post Jan 12, 2016

It's not that they are not committed but we cannot say that the meeting is on the 3rd of jannuary every year. They have meetings with clients , or we dodn't prepared the managament review points , so we delay the meetings .

Quote

0 0

Guest

DejanK Jan 12, 2016

It is not really about the date when you have the meeting, but whether the top management really understands what is to be achieved with information security, and if they provide all the required resources.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community