...
Reference | Item | Description |
1 | Actions from previous review | Statement of whether actions have been completed or not and if not, what the next steps are |
2 | Changes relevant to the management system | Any significant internal or external changes that have occurred since the last review that may have an impact on the management system and so need to be considered |
3 | Nonconformities and corrective actions | Status of actions raised from previous internal and external audits |
4 | Monitoring and measurement results | Noteworthy items from monitoring and measurement reports, particularly exceptional results (good or bad) and whether targets are being met |
5 | Audit results | Summary of the conclusions of any audits carried out since the last management review |
6 | Fulfilment of objectives | Statement of how far we are towards achievement of information security objectives |
7 | Feedback from interested parties | Comments from people and organisations relevant to the VQMS e.g. customers, suppliers |
8 | Risk assessment and treatment status | Changes to risk levels in the last quarter, including any new threats or vulnerabilities; progress on risk treatment plan |
9 | Opportunities for continual improvement | Update the plan and summarise progress for existing improvements; identify new opportunities |
10 | Resource planning and plan for next quarter | Review of resource adequacy and main activities scheduled for the next quarter |
11 | Any other business | Items not covered within the formal agenda |
12 | Supplier Review | Conduct a detailed external supplier review on a quarterly basis |
13 | Actions from this review | Actions recorded during this review, with person responsible and target date13 |
14 | Information Continuity Processes Review | Review our current processes for ensuring we can continue to operate effectively in case of disaster |
15 | Date of next meeting | Ensure that the next meeting has been scheduled |
...