Ongoing control

Whether your ISMS still conforms to the standard must be verified by means of controls. These controls also serve to identify possible process improvements and to record optimizations that strengthen the ISMS. The management review, for example, helps here: it is used to agree the appropriateness and effectiveness of the ISMS with company management. The ISO/ISB provides, or is responsible for providing, all necessary information. The review should take place at least once a year.

Furthermore, the Statement of Applicability (SoA) can also help you keep control over the ISMS: use it as a checklist and check whether any of its points have changed or are scheduled to change. An exemplary presentation of the SoA follows:

The same applies to the “Evaluation of Norm compliance”: here too, check whether all points are still fulfilled or whether anything has changed.

In the older version of the standard, the PDCA cycle (Plan, Do, Check, Act) was prescribed in order to achieve continuous improvement of the ISMS. It is no longer mandatory, but improving your ISMS after its successful implementation remains an important goal: use the control mechanisms described above and continually try to optimize your procedures, processes and the ISMS itself.