Initial commit
101
06-audit-and-review/management-review-pack-template.md
Normal file
@@ -0,0 +1,101 @@
|
||||
Title: Management Review Pack Template
|
||||
Document ID: [MR-PACK-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Management Review Pack Template
|
||||
|
||||
## Purpose
|
||||
|
||||
This template provides a consistent structure for assembling the inputs to a formal ISMS management review.
|
||||
|
||||
## Review Details
|
||||
|
||||
- Review period: [Period]
|
||||
- Review date: [DD Month YYYY]
|
||||
- Chair: [Role]
|
||||
- Participants: [Names / Roles]
|
||||
- Prepared by: [Role]
|
||||
|
||||
## Executive Summary
|
||||
|
||||
[Summarise the overall status of the ISMS and the key decisions required.]
|
||||
|
||||
## Review Inputs
|
||||
|
||||
### Information Security Objectives
|
||||
|
||||
- current objectives status
|
||||
- missed targets or at-risk items
|
||||
- proposed new or revised objectives
|
||||
|
||||
### Risk And Exception Status
|
||||
|
||||
- top open risks
|
||||
- newly accepted risks
|
||||
- expired or overdue exceptions
|
||||
- themes requiring management attention
|
||||
|
||||
### Incident And Breach Summary
|
||||
|
||||
- material incidents during the period
|
||||
- lessons learned
|
||||
- any notifiable or high-impact events
|
||||
|
||||
### Audit And Assurance Summary
|
||||
|
||||
- audits completed
|
||||
- key findings and themes
|
||||
- overdue corrective actions
|
||||
|
||||
### Supplier And Dependency Issues
|
||||
|
||||
- key supplier reviews
|
||||
- assurance gaps
|
||||
- material supplier incidents or changes
|
||||
|
||||
### Change And Operational Themes
|
||||
|
||||
- significant change failures or concerns
|
||||
- recurring operational issues
|
||||
- resilience or recovery concerns
|
||||
|
||||
### Training And Awareness
|
||||
|
||||
- completion status
|
||||
- overdue or role-specific gaps
|
||||
|
||||
### Improvement Opportunities
|
||||
|
||||
- proposed control improvements
|
||||
- resourcing or prioritisation needs
|
||||
|
||||
## Decisions Required
|
||||
|
||||
| Decision Area | Summary | Proposed Decision | Owner |
|
||||
| --- | --- | --- | --- |
|
||||
| [Area] | [Summary] | [Decision] | [Role] |
|
||||
|
||||
## Actions Proposed
|
||||
|
||||
| Action | Owner | Target Date | Priority | Linked Input |
|
||||
| --- | --- | --- | --- | --- |
|
||||
| [Action] | [Role] | [DD Month YYYY] | [Low/Medium/High] | [Risk / audit / incident / objective] |
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Management Review Procedure
|
||||
- Management Review Minutes Template
|
||||
- Information Security Objectives Template
|
||||
- Corrective Actions Register Template
|
||||
|
||||
## Version Control
|
||||
|
||||
| Version | Date | Description of Change | Author |
|
||||
| --- | --- | --- | --- |
|
||||
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |
|
||||
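Review bot: The "Review Inputs" section has no subsection for the status of actions from the previous management review. The pack creates new entries under "Actions Proposed" each cycle, but nothing in it shows whether earlier ones were closed. Suggest adding a heading such as "### Status Of Previous Review Actions" ahead of "Information Security Objectives", with bullets for open, overdue and closed actions. Separately, the header block lists the same role and person, "CISO (Paul Jenkins)", as both Owner and Approver, and hard-codes a name where the rest of the template uses placeholders such as "[Role]". Consider a different approver, and a role placeholder in place of the name so the template does not go stale when the post holder changes.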