Medium pirority


Schedule annual review of your information security policies

Once you have created your basic ISMS documents, most importantly the information security policy, you should schedule a recurring annual review to ensure that the contents of the documents still correspond to the realities and priorities of your organization.

Enhance responsiveness to change by ensuring independent reviews are promptly conducted in response to significant external changes (e.g., new laws or significant incidents) or internal changes (e.g., new business ventures, product/service changes, or major updates to information security controls).

Subtask 1


Formalize the relevant internal roles

Subtask 2


Perform a brief analysis identifying which systems are needed for the storage and processing of critical data

Subtask 3

Not started