Title: Management Review Pack Template
Document ID: [MR-PACK-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Management Review Pack Template

## Purpose

This template provides a consistent structure for assembling the inputs to a formal ISMS management review.

## Review Details

- Review period: [Period]
- Review date: [DD Month YYYY]
- Chair: [Role]
- Participants: [Names / Roles]
- Prepared by: [Role]

## Executive Summary

[Summarise the overall status of the ISMS and the key decisions required.]

## Review Inputs

### Information Security Objectives

- current objectives status
- missed targets or at-risk items
- proposed new or revised objectives

### Risk And Exception Status

- top open risks
- newly accepted risks
- expired or overdue exceptions
- themes requiring management attention

### Incident And Breach Summary

- material incidents during the period
- lessons learned
- any notifiable or high-impact events

### Audit And Assurance Summary

- audits completed
- key findings and themes
- overdue corrective actions

### Supplier And Dependency Issues

- key supplier reviews
- assurance gaps
- material supplier incidents or changes

### Change And Operational Themes

- significant change failures or concerns
- recurring operational issues
- resilience or recovery concerns

### Training And Awareness

- completion status
- overdue or role-specific gaps

### Improvement Opportunities

- proposed control improvements
- resourcing or prioritisation needs

## Decisions Required

| Decision Area | Summary | Proposed Decision | Owner |
| --- | --- | --- | --- |
| [Area] | [Summary] | [Decision] | [Role] |

## Actions Proposed

| Action | Owner | Target Date | Priority | Linked Input |
| --- | --- | --- | --- | --- |
| [Action] | [Role] | [DD Month YYYY] | [Low/Medium/High] | [Risk / audit / incident / objective] |

## Related Documents

- Management Review Procedure
- Management Review Minutes Template
- Information Security Objectives Template
- Corrective Actions Register Template

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |