Version: 0.1
Signature:
Change History
Date Version Created by Description of change
Valantina Jameel
Dinha
Greyhound
Table of contents
1. PURPOSE, SCOPE AND USERS
2. REFERENCE DOCUMENTS
5. APPENDICES
Users of this document are the CEO and the Senior Solution Manager of Greyhound.
2. Reference documents
ISO 27001:2013 standard, clause 9.3
Procedure for Determining Context of the Organization and Interested Parties
Procedure for Addressing Risks and Opportunities
Meetings with previously defined agenda, proceedings and formally determined actions
Phone or internet conference
Partial reviews at different levels of the organization, with reporting to top management, which
conducts the final review based on the gathered data
Considering elements that provide a global view of the system, instead of considering minor
and irrelevant problems
HR supervisor organizes the meeting with mid-level management. Other members of staff will be
invited to participate in this review as appropriate.
1. Suitability – The quality of having properties that are right for the specific purpose. An
information security management system should be able to sustain the current performance
levels of the organization, utilizing an acceptable number of organizational resources.
2. Adequacy – Sufficient to satisfy a requirement or meet a need. An information security
management system should be capable of satisfying applicable requirements, including those
specified by the organization, the customer, and any applicable standards and/or regulations.
3. Effectiveness – Adequate to accomplish a purpose; producing the intended or expected
result. An information security management system should enable the organization to meet
its own needs, those of the customer and those of other interested parties.
4. Alignment with strategic direction of the organization – A course of action that leads to the
achievement of the goals of an organization's strategy. The ISMS should be incorporated into
all activities of the organization and aligned with the strategic direction of the organization.
As a minimum, the following information and data are presented during the management review:
The top management must consider changes in the external and internal context of the
organization, determine if there were some changes, and plan further actions to address
those changes.
Senior Solution Manager presents results of internal and/or external information security
management system audits. This includes summaries of results for the cycle, frequencies of
audit findings against specific elements of the ISMS, and discussion of particularly important
findings.
SDM presents summaries of customer feedback and complaints, including analysis of trends
for specific categories, customer satisfaction data and trends.
SDM highlights any changes in internal and external issues relevant to the ISMS, needs and
expectations of interested parties, significant information security aspects, risks and
opportunities, service delivery, process, capacity, or other operational or organizational
changes that affect the information security management system and proposes specific
actions to update or modify the system in response to these changing circumstances. This
might also include external changes such as a new legal requirement coming into place.
For consultation with external parties, the organization should consider factors such as:
Top management must review the performance of external providers, including suppliers
and subcontractors, according to the results of the evaluation of suppliers conducted
SDM presents the highest-risk nonconformities and the corrective actions which were
implemented, as well as incident investigations through the period and the status of pending
actions.
SDM reports on the status of action items from previous meetings. Items that are not
completed are carried on as continuing actions and are recorded as such in the minutes.
SDM highlights any service delivery, process, capacity, or other operational or organizational
changes that affect the ISMS and proposes specific actions to update or modify the system in
response to these changing circumstances. This might also include external changes such as a
new legal requirement coming into place.
Adequacy of resources
Top management must ensure that adequate resources are designated for each of the
planned activities.
Top management must review the effectiveness of actions taken to address risks and
opportunities and to initiate corrective actions if needed to achieve intended outcomes.
Senior Solution Manager presents data demonstrating progress toward achieving continual
improvement goals, and reviews current and completed improvement projects.
Information security objectives established through the review period are systematically
evaluated to assess progress:
Senior Solution Manager reviews the information security policies to ensure their continuing
relevance. The information security policy is changed when the goals expressed in the policy
have been achieved, or when changes within or outside the organization render the policy
inadequate or inappropriate.
Senior Solution Manager conducts an additional management review in the following situations:
Output from the management review process includes decisions and actions related to:
Action items are highlighted to ensure that they are easily identifiable
Action items include the assignment of responsibility
Action items include timeframe and allocation of resources for implementation
Upon complete review of all inputs and generation of the outputs, management will determine the
continued suitability, adequacy and effectiveness of the information security management system.
5. Appendices
Appendix 1 – Management Review Minutes