Documented Information & Useful Links
We have established the critical elements of our ISMS & PIMS that require monitoring, measuring, analysing and evaluating. Measures are intrinsically linked to objectives with targets and include breach reporting, subject access request response, customer complaints, breach frequency and performance of external providers. A strategic scorecard is used to collect the data and provide analysis. Regular reviews of performance are conducted.
Internal audits are conducted to measure the effectiveness of the ISMS & PIMS. Audits are conducted at defined intervals in accordance with the compliance calendar. Audits are conducted impartially, with findings reported to the management team. Actions are documented on the audit platform and reviewed at the management review. Root cause analysis is conducted and, where appropriate, corrective action is applied.
Management reviews are conducted annually, as a minimum. The reviews shall be attended by the leadership team and shall follow a strict agenda of inputs. Prior to the management review, the Compliance Partner will circulate a report to the leadership team providing a detailed analysis of the ISMS & PIMS. Minutes and/or actions from the review will be retained in the form of documented information.