Clarifies and improves existing PDCA process requirements
– ISMS scope (including details of, and justification for, any exclusions)
– Approach to risk assessment (to produce comparable and reproducible results)
– Selection of controls (criteria for accepting risks)
– Statement of Applicability (currently implemented)
– Reviewing risks
– Management commitment
– ISMS internal audits
– Results of effectiveness and measurements (summarised statement on ‘measures of effectiveness’)
– Update risk treatment plans, procedures and controls