Management Review Procedure
Document ID: DPWAT-ISMS-PROC-010
Version: 1.0
Owner: Administrator (ADM) — Anna Boros; Timo Andreas Bejan
Approved by: Administrator (ADM) — Anna Boros
Effective date: 2025-11-10
Next review: 2027-02-01 (or more often if needed)
1. Purpose
Conduct management reviews of the ISMS (ISO 27001 clause 9.3) and document decisions.
2. Inputs (minimum)
- Status of actions from previous reviews
- Changes in internal/external issues and interested parties
- Risk assessment and risk treatment status
- Incident and nonconformity status
- Monitoring and measurement results (KPIs)
- Audit results
- Supplier performance for critical suppliers
- Opportunities for continual improvement
3. Outputs (minimum)
- Decisions and actions for improvement
- Resource needs
- Changes to ISMS scope/objectives/policies
4. Frequency
At least annually, or more frequently if significant changes occur (e.g., major incidents, scope changes, organizational restructuring).
5. Records
Use template-management-review-minutes and store completed minutes in 07-records/.