MANAGEMENT REVIEW MEETING POLICY
Document Identification | HSNZ/POL/34 |
Document Name | Management Review Meeting Policy |
Master Copy | CISO |
Version Number | 1.3 |
Date Of Release | 15 Aug 2023 |
Prepared By | Eparama Tuibenau, CISO |
Approved by | Kevin McAfee, Managing Director |
VERSION HISTORY
Sl No | Version No. From | Version No. To | Prepared by | Approved by | Description of Version | Date | Reason for Version Change |
1 | 1.0 | - | CISO | MD | First Release | 14 Apr 2020 | No changes made |
1 | 1.0 | 1.1 | CISO | MD | Updated | 04 Aug 2021 | Modifications due to changes in HealthSafe |
1 | 1.1 | 1.2 | CISO | MD | Reviewed | 28 Jul 2022 | Annual review |
1 | 1.2 | 1.3 | CISO | MD | Reviewed | 15 Aug 2023 | Annual review |
DOCUMENT STATUS
Date | Document Status |
14 Apr 2020 | Modified |
04 Aug 2021 | Reviewed |
28 Jul 2022 | Reviewed |
15 Aug 2023 | Current |
Table of Contents
1 Purpose
2 Scope
3 Procedure
4 Documentation and Records
1 PURPOSE:
To detail the procedure for carrying out management review meetings at defined intervals to ensure the continuing suitability, adequacy and effectiveness of the information security management system (ISMS), including the ISMS policy, objectives, risk treatment and statement of applicability, and to analyze methods for improving the ISMS followed at HealthSafe NZ.
2 SCOPE:
This procedure applies to the ISMS in operation at HealthSafe.
3 PROCEDURES:
The FCU (Fortnightly Catch Up) meetings will be held bi-weekly.
Review Input:
The FCU reviews the following agenda items during its meetings:
- Awareness Tests
- Processes/Logs
- Internal Audits
- ISO27001 surveillance audit
- ISMS objective 1 - Quarterly internal audits
- ISMS objective 2 - Cyber attack monitoring
- ISMS objective 3 - Communication to team
- ISMS objective 4 - Adhering to law changes
- ISMS objective executive summary
The Management Team discusses the above points using the available data, and any improvements required to ensure better information security systems and to improve the ISMS are finalized.
Review Output:
Monitoring systems and evidence are reviewed at the bi-weekly FCU and discussed openly with the Management Team, where decisions are made and responsibility for actioning them is assigned. Decisions and actions relate to the following:
- Improvement of the effectiveness of the ISMS
- Modifications of procedures and controls that affect information security, as necessary, to respond to internal and external events that may impact on the ISMS, including changes to:
  - Business requirements
  - Security requirements
  - Business processes affecting the existing business requirements
  - Regulatory or legal requirements
  - Contractual obligations, and
  - Levels of risk and/or criteria for accepting risks
- Resource needs
- Improvement to how the effectiveness of controls is being measured.
4 DOCUMENTATION AND RECORDS
HealthSafe Senior Business Update
Daily Management Standup Meetings