CHAPTER 16: MANAGEMENT REVIEW

Section 7 of ISO27001 (and Control A.5.1.2), which deals with management review of the ISMS, stresses that the management review should take into account the ‘status of preventative and corrective actions’,21 as well as any changes anywhere or to anything that might affect the ISMS, and recommendations for improvement.

It should be noted that corrective and preventative action should be prioritised on the basis of a risk assessment.22

ISO27001 calls, at Control A.5.1.8, for an ‘independent review of information security’, which should take place at planned intervals (or whenever there have been significant changes), and should be comprehensive (‘control objectives, controls, policies, processes, and procedures’). ...
