Expert Advice Community

Management review policy

Guest user | Created: Mar 21, 2019 | Last commented: Mar 21, 2019

I have just bought the full suite of ISO documents from you. There doesn't appear to be a specific policy regarding Management Review. In folder 11 I can only see the Measurement Report and Management Review minutes. Our auditor is asking for a policy. Does one exist?

Expert
Rhand Leal Mar 21, 2019

Answer:

ISO 27001 does not require a specific management review policy to be documented. The requirement for top management to review the ISMS can be found in the Information Security Policy, section 4.5. This template can be found in folder 04 Information Security Policy.

It is important to note that in the large majority of cases smaller companies do not write a separate Management Review Policy; this is why we didn’t include it in the toolkit.

This article will provide you further explanation about mandatory documents for ISO 27001:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
