Expert Advice Community

Management review

Guest user Created:   Nov 19, 2019 Last commented:   Nov 19, 2019

I have a question about the Management evaluation protocol.
My question is about documents that need to be checked during the meeting.
"Documents or descriptions of monitoring results and analysis of evaluation measures". Can you please explain that fact to me? I don’t understand that.

Expert
Rhand Leal Nov 19, 2019

An example of monitoring results is the total downtime of a critical information system, and the evaluation would be the explanation of the main causes of the reported downtime.

Another example of monitoring results is the results of a vulnerability test, and the evaluation would be the explanation of the meaning of the results to the general performance of security controls.

Information like this is important because it helps top management to decide whether the ISMS is fulfilling its objectives, which improvements are needed, changes to the scope, approval of the required resources, modification to the main documents (e.g., top-level policies), etc.

This article will provide you with further explanation about management review:
- Why is management review important for ISO 27001 and ISO 22301? https://advisera.com/27001academy/blog/2014/03/03/why-is-management-review-important-for-iso-27001-and-iso-22301/
