Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Glossary
Guides
Videos

Follow us

GLOSSARY
ISO 27001
ISO 27001 Management Review

What is the ISO 27001 management review?

The ISO 27001 management review intends to ensure an organization’s Information Security Management System (ISMS) and its objectives continue to remain appropriate and effective given the organization’s purpose, issues, and risks around its information assets. 


Senior management within an organization is ultimately responsible for the success of the organization’s ISMS. For senior management to confirm the ISMS is operating effectively and meeting defined objectives, they need to conduct management reviews. The management review serves the critical purpose of setting the tone and expectations for the organization concerning the organization’s implementation and maintenance of good information security practices.


Management reviews should be pre-planned and conducted often enough to make sure the ISMS continues to operate effectively and achieve the objectives of the business. The ISO 27001 standard states that reviews should occur at planned intervals, generally at least once per year and within the external audit period. However, given the rapidly changing information security threat and legal and regulatory landscape, it is recommended that the ISMS governing body conduct meetings more frequently. Meeting at least every quarter will help establish that the ISMS is operating effectively; that senior management remains informed; and that any adjustments to address risks or deficiencies can be promptly implemented.

Additional resources you might like:

Blog
Security

Vulnerability scanning tools: What are they and how should they be used?

Keeping your data secure relies on tracking down and fixing vulnerabilities. Find those open doors in your system with vulnerability scanning tools.

Blog
Product updates

New in Vanta | January 2023

Vanta has made some pretty exciting updates already in 2023. Learn about Trustpage by Vanta, our newest integrations, and the most recent improvements to the platform.

Video
ISO 27001

ISO 27001:2022 What's changed and what it means for your business

In late 2022, ISO 27001 rolled out changes to the Annex A controls, minor updates to the clause language, modernized controls, as well as 12 new controls. Whether you have ISO 27001 and want to learn more about these updates, or are pursuing ISO for the first time, this on-demand webinar is for you. Join Matt Cooper, Senior Manager of Privacy, Risk, and Compliance at Vanta, and Steve Conley, IT Audit Director at Insight Assurance, to dive in.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.

GET STARTED TODAYGET STARTED TODAY

Vanta is the easy way to get and stay compliant. Thousands of fast-growing companies depend on Vanta to automate their security monitoring and get ready for security audits in weeks, not months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit.

Products
SOC 2ISO 27001GDPRHIPAAPCI DSSCCPAAdditional FrameworksIntegrations
Customers
Customer Case Studies
Resources
BlogsGuidesGlossaryVideosAll Resources
Company
AboutCareersPressSecuritySystem StatusTrust Report
Manage CookiesTermsPrivacy