Evaluate your actions
Review your information security plan at least annually to constantly improve the security of your organization's information. Carrying out an evaluation, which is an overview of the advances made in the security plan, its potential improvements as well as its benefits, is healthy for the whole organisation.
We advise you to review your security plan on an annual basis with management. This will allow you to correct and complete but also improve the awareness of your management regarding the importance of information security and data protection. The information security plan develops over time. It is especially necessary to do a review in order to take on board:
- the developments of threats and feedback about the handling of incidents,
- the results of risk assessments as well as the actions arising from checks or audits, and
- developments in organisational, legal, regulatory and technological contexts.
Periodically review your security exposure
Each organization will regularly assess its 'state of information security' on the basis of an audit/control/evaluation process.
Have an information security dashboard
Each organization will be able to review and present the state of information security on a regular basis.