At last, I have got an opportunity to implement an ISMS in my organization, though it is already implemented in a specific domain and now the scope is expanding. The first assignment I have is to develop a monitoring mechanism for monitoring ISMS effectiveness. I need to work on KPIs and metrics to develop a dashboard sort of tool so I can present it to our management.
I remember you explained in your book how to keep track of the objective and effectiveness of the ISMS program; I have to delve into it again. Meanwhile, it would be nice if you have any template or tool to share that can help me in my work.
ISO 27001 does not require the use of specific means of presenting KPIs to top management, so we do not offer specific dashboard templates. If you used our Matrix of Key Performance Indicators [ISO 9001:2015] to list your KPIs, you can present this document to them.
But if you are thinking about a meeting presentation using something like PowerPoint, what I can suggest is to use the 30-20-10 rule for presentations: use font size 30, maximum 20 minutes, up to 10 slides. And the presentation should last a maximum of 10 minutes, so you can have 10 minutes for questions and answers. Longer presentations will make top management lose focus on your message.