In line with ISO 27001 requirement 9.3, it is the responsibility of senior management to conduct the management review for ISO 27001.
The ISMS Board Project helps you build a programme that ensures audits represent what the business needs.
Using the Management Review programme within the ISMS Board Project, you can hold weekly management reviews before the Stage 1 audit. This will keep your implementation project on track and build the habit. Within one month you will have built up enough evidence to satisfy the auditor and be in the groove for future reviews.
How do I access the ISMS Board?
- Hover over 'Work' in the navigation bar
- Click on 'All Work'
- Search for the 'ISMS Board' Project within the 'All Work' search field
- Click on the 'ISMS Board' link to navigate to the Project
The 'Headlines' page for the ISMS Board will display:
Using the ISMS Board
The ISMS Board functions much the same as any other Project on the platform. See here for more of our Project guides.
You will notice there is a pre-configured Phase in the Project, 'Management reviews'. The activities within this Phase can be used to document and arrange reviews and meetings following the implementation of ISMS.
You will notice the ISMS Board Project is split into two Phases, and within those, two and three Deliverables respectively.
Use this area to record any meetings you have during your implementation of ISO 27001.
You can use this notes area to record minutes and create To-Dos to record actions. If you want to share any documents in relation to the meeting, just upload them into the Activity.
Bi-monthly information security meetings (use once ISMS is implemented)
Use this area to record your regular ISMS Board meetings to discuss strategic and operational activities relating to the ISMS.
We recommend that you create a standing agenda relevant to your organisation's approach to ISMS operation. You can use this notes area to record minutes and create To-Dos to record actions. If you want to share any documents in relation to the meeting, just upload them into the Activity.
Pre-Certification ISMS Management Review
Use this area to record your Pre-Certification Audit Management Review. This Deliverable contains an Activity for the Pre-Stage 2 Audit Review, including Note Content for you to fill out.
Each agenda item has a short description of what needs to be covered and where you can find it in your ISMS.
To record the minutes of the meeting, just edit the note and add them under each agenda heading. Any actions that arise should be recorded as To-Dos or in the corrective actions and improvements track as appropriate.
Three Year Management Review Schedule
Similar to the Pre-Certification Review, once certified you will need to continue holding Management Review Meetings in line with the 3-year lifecycle of certification. Use these Activity areas to record minutes from those meetings, and create To-Dos for any Actions that arise.
See here to learn how to add or remove Phases, Activities and Deliverables within the ISMS Board.
- Adding individuals to a Project
- Creating an Activity within the Project Structure tab
- Creating a Project Framework
Implementing ISO 27001 and need a little extra help?
Implementing a successful (and sustainable) information security management system can be challenging, especially if you or members of the implementation team are not experienced on the topic of ISO 27001.
To integrate seamlessly with the pre-configured workspaces and technology at the heart of ISMS.online, we have developed our Virtual Coach package.
Virtual Coach provides time-saving features, tools, actionable policies and controls, and other content, equipping you with the confidence and capability to achieve your ISO 27001:2013/17 certification goals faster, and at a tiny fraction of the cost of alternatives.