
ISMS management review (draft)

ISO/IEC 27001 (clause 9.3) requires top management to review the ISMS at planned intervals. This page provides a minimal structure for that review: its purpose, the inputs to consider, and the outputs that must be recorded.

Owner: Information Security Officer
Contact: infra@lef.tec.br
Version: 0.1
Last updated: 2025-12-24
Review cadence: At least annually

Purpose

Ensure the ISMS remains suitable, adequate, and effective for the agreed scope, and that improvement actions are prioritized and resourced.

Inputs

  • Status of actions from previous reviews
  • Changes affecting the ISMS (scope, suppliers, environments, legal/contract)
  • Risk status (see Risk register)
  • Incident and vulnerability summaries
  • Audit results and corrective actions
  • Progress against objectives (see Information security objectives (draft))

Outputs

  • Decisions on ISMS changes (scope, policies, controls)
  • Approved objectives and priorities
  • Resource needs and responsibilities
  • Corrective and improvement actions