34. HealthSafe Management Review Meeting Policy



MANAGEMENT REVIEW MEETING POLICY



| Field | Value |
|---|---|
| Document Identification | HSNZ/POL/34 |
| Document Name | Management Review Meeting Policy |
| Master Copy | CISO |
| Version Number | 1.3 |
| Date of Release | 15 Aug 2023 |
| Prepared By | Eparama Tuibenau, CISO |
| Approved By | Kevin McAfee, Managing Director |


VERSION HISTORY


| Sl No | Version No. (From) | Version No. (To) | Prepared by | Approved by | Description of Version | Date | Reason for Version Change |
|---|---|---|---|---|---|---|---|
| 1 | 1.0 | - | CISO | MD | First Release | 14 Apr 2020 | No changes made |
| 1 | 1.0 | 1.1 | CISO | MD | Updated | 04 Aug 2021 | Modifications due to changes in HealthSafe |
| 1 | 1.1 | 1.2 | CISO | MD | Reviewed | 28 Jul 2022 | Annual review |
| 1 | 1.2 | 1.3 | CISO | MD | Reviewed | 15 Aug 2023 | Annual review |


DOCUMENT STATUS


| Date | Document Status |
|---|---|
| 14 Apr 2020 | Modified |
| 04 Aug 2021 | Reviewed |
| 28 Jul 2022 | Reviewed |
| 15 Aug 2023 | Current |


Table of Contents

1 Purpose


2 Scope


3 Procedure


4 Documentation and Records



1 PURPOSE:

To detail the procedure for carrying out management review meetings at defined intervals to ensure the continuing suitability, adequacy and effectiveness of the information security management system (ISMS), including the ISMS policy, objectives, risk treatment and statement of applicability, and to analyze methods for improving the ISMS followed at HealthSafe NZ.


2 SCOPE:

This procedure is applicable to the ISM system in operation at HealthSafe.


3 PROCEDURES:

The FCU (Fortnightly Catch Up) meetings will be held bi-weekly.   


Review Input:

The FCU reviews the following agenda items during the meetings:

  • Awareness Tests
  • Processes/Logs
  • Internal Audits
  • ISO27001 surveillance audit 
  • ISMS objective 1 - Quarterly internal audits
  • ISMS objective 2 - Cyber attack monitoring
  • ISMS objective 3 - Communication to team
  • ISMS objective 4 - Adhering to law changes
  • ISMS objective executive summary

The Management Team discusses the above points using the available data, and any improvements required to ensure better information security systems and to improve the ISM System will be finalized.


Review Output:

Monitoring systems and evidence are reviewed at the bi-weekly FCU and discussed openly with the Management Team, where decisions are made, including who is responsible for actioning them.

  • Improvement of the effectiveness of the ISMS
  • Modifications of procedures and controls that affect information security, as necessary, to respond to internal and external events that may impact the ISMS, including changes to:
    • Business requirements
    • Security requirements
    • Business processes affecting the existing business requirements
    • Regulatory or legal requirements
    • Contractual obligations and
    • Levels of risk and / or criteria for accepting risks
  • Resource needs
  • Improvement to how the effectiveness of controls is being measured.

4 DOCUMENTATION AND RECORDS

HealthSafe Senior Business Update

Daily Management Standup Meetings