Continual Improvement For ISO 27001 Requirement 10.2

What is covered under ISO 27001 Clause 10.2? 

A large part of running an information security management system is to see it as a living and breathing thing. Your organisation should always be assessing, testing, reviewing and measuring the performance of the ISMS, to ensure it is still supporting and meeting your business goals.

ISO 27001 covers several mechanisms for the continual evaluation and improvement of your ISMS, including audits, management reviews, the corrective actions and improvements process, ongoing risk assessment and ongoing staff engagement. The secret is to demonstrate that continual improvement is taking place without wasting time duplicating work that is already going on in the wider ISMS.

How to demonstrate the organisation is continually improving the suitability, adequacy, and effectiveness of the ISMS

This is a great example of how the ISMS.online solution brings everything together so there is no need to duplicate effort. Simply reiterate the work that is going on in the wider system, joining it up holistically through the powerful linking feature.

Again, ISMS.online comes with a Policy for 10.2 which already includes links to the areas where you will be able to quickly demonstrate continual improvement is embedded in your organisation.

Ready to take action?

Discover how ISMS.online can help you achieve or improve on your ISMS objectives

 

Need ISO 27001 policies and controls for your ISMS?

ISMS.online includes practical policies and controls for your organisation to easily adopt, adapt and add to, giving you up to 77% head start with ISO 27001 documentation. 

 

 
