Management Review Notes
Last updated: {{insert date}}
1. Meeting Details
- Date of Review:
- Attendees: (e.g., Management, ISMS Lead, Developer, Compliance Officer)
- Chairperson:
- Frequency: At least annually
2. Agenda
- Review the scope of the ISMS
- Review policies, procedures, and playbooks
- Review the Risk Register & Exceptions Register
- Review Evidence logs (log reviews, backups, disposals, DSRs)
- Review incidents and lessons learned
- Review audit findings (internal/external)
- Review legal, regulatory, and contractual requirements (GDPR, POPIA, etc.)
- Review opportunities for improvement
- Approve objectives for the next year
3. Discussion Summary
- Changes to context or scope:
- Significant risks identified:
- Effectiveness of ISMS controls:
- Status of objectives from last review:
- Incidents and corrective actions:
- Compliance updates (laws, standards):
- Improvement opportunities:
4. Decisions & Actions
| Action ID | Description | Owner | Deadline | Status |
|---|---|---|---|---|
5. Approval
- Approved by Management on:
- Signature / Name: