Management Process

This policy will be subject to ongoing review in light of any changes in legislation or good practice, and will be formally reviewed at least annually. This review will be completed as part of Certus’ Management Meeting process.

Certus’ ISMS comprises:

  • the policies contained in this document;
  • the policies and procedures contained in the subordinate documents;
  • the information systems and configurations within the company and within customer systems;
  • the management of their improvement over time.

The management process is aligned to the ISO/IEC 27001 standard. Consistent with many contemporary Quality Management regimes, the process follows the Plan-Do-Check-Act (PDCA) cycle shown in the figure below:

Figure 2: Plan, Do, Check, Act


Certus’ management team is responsible for keeping this cycle running. Through the Management Meeting system, the directors will:

Manage

  • support the establishment of the ISMS
  • provide resources and ensure personnel are competent
  • remain aware of Information Security issues
  • engage with customers and staff on information security
  • plan ISMS work and improvements

Audit and Measure

  • plan and conduct audits
  • take action where weaknesses are identified

Review

  • undertake periodic evaluations of the effectiveness and quality of the ISMS
  • examine outcomes of audits and check that follow up work has been completed

Improve

  • act upon the outcomes of reviews
  • update documentation
  • seek external advice as appropriate
  • correct nonconformities