
SG-15 Management Review

>Control Description

The Information Security Management System (ISMS) steering committee conducts a formal management review of ISMS scope, risk assessment activities, control implementation, and audit results on an annual basis.

Theme: Process

Type: Corrective

Policy/Standard: Information Security Management Standard

>Implementation Guidance

1. Convene the ISMS steering committee monthly, or as needed, to discuss and review the current ISMS scope (products included), audit progress, risk assessment activities, control implementation, and audit results. These meetings feed the formal annual management review described above.
2. Document the attendance of each member at every meeting.

>Testing Procedure

1. Validate that the ISMS steering committee meets at least annually, and inspect the meeting minutes from each meeting.
2. Inspect the documented attendee list for each steering committee meeting; the committee's membership shall include relevant members from the offering's organization.
3. Confirm that each meeting included a discussion and review of the current ISMS scope (products included), audit progress, risk assessment activities, control implementation, and audit results, with action items recorded for any audit findings.

>Audit Artifacts

E-SG-09

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
