Description
Annual management review of ISMS performance required under ISO 27001 Clause 9.3.
Requirements
- Review ISMS performance metrics
- Review security incidents and trends
- Assess risk treatment plan status
- Review audit findings
- Approve ISMS improvements
Applicable To
ISO 27001 Certified Organizations
Penalty Information
⚠ Missing management review is a major non-conformity.