Medium pirority
02
Schedule annual review of your information security policies
Once you have created your basic ISMS documents, most importantly the information security policy, you should schedule a recurring annual review to ensure that the contents of the documents still correspond to the realities and priorities of your organization.
Enhance responsiveness to change by ensuring independent reviews are promptly conducted in response to significant external changes (e.g., new laws or significant incidents) or internal changes (e.g., new business ventures, product/service changes, or major updates to information security controls).
Subtask 1
Planned
Formalize the relevant internal roles
Subtask 2
Ongoing
Perform a brief analysis identifying which systems are needed for the storage and processing of critical data
Subtask 3
Not started