An Introduction To
Information, Network and Internet Security


Reviewing the management system

Once the ISMS is implemented, it must be reviewed and monitored by the organisational management.

The ISMS is reviewed to:

· determine whether system activities (people and IT) are performing as expected;
· review system controls and policy;
· review the level of risk based on changes to the organisation, technology, business objectives and processes, and identified threats;
· review the scope of the management system;
· identify improvements to management system processes.



The Security Practitioner

An Introduction to Information Security