INFORMATION SECURITY: Principle 10

ISO 27001 Information Security Principles

Principle 10 – An Ongoing Review of Information Security And Modification As Necessary

The last principle of information security is to constantly assess, modify, and, if necessary, improve your information security. Your information security should be constantly assessed and reassessed to ensure it is performing well and providing value to your organization.

Your systems and networks are always exposed to new vulnerabilities. In addition, the threats you face will not diminish. The process of re-evaluating your system and making modifications ensures you stay current with the latest legislation, as well as the latest internal changes.

You can reassess your information security by implementing an internal audit program. Internal auditors need to be trained in this area. Once trained, they must plan their audits. After that, they’ll perform regular security audits to make sure everything is handled correctly.

At least one Technical Expert should be part of the audit team. It is imperative that the Technical Expert has knowledge of the areas being audited. They must not audit their own work, so they should be independent and impartial.

A regular Management Review can also help to re-evaluate information security. A formal agenda is usually included in these meetings. Your Information Security Officer will attend the Management Review. The review should be conducted monthly, if possible.

Therefore, information security needs to be constantly analyzed, evaluated, and updated. Information security should always be improved. To keep your processes efficient and effective, utilize tools such as internal audits and management reviews.

Use SHEQ software

To design and implement a Quality Management System, SRM and many of our clients use Mango Compliance Software (www.mangolive.com). Mango makes it easier to obtain and maintain ISO 9001:2015 certification.

SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Contact our consultants today. Let us know if we can help you with the development and implementation of your Quality Management System.