Evaluate your actions

Review your information security plan at least annually to continually improve the security of your organization's information. An evaluation, meaning an overview of the progress made on the security plan, its potential improvements and its additions, is healthy for the whole organization.

We advise you to review your security plan on an annual basis with management. This will allow you to correct and complete the plan, and also to improve your management's awareness of the importance of information security and data protection. The information security plan develops over time. A review is especially necessary in order to take on board:

  • the developments of threats and feedback about the handling of incidents
  • the results of risk assessments as well as the actions arising from checks or audits
  • developments in organizational, legal, regulatory and technological contexts

Following up on progress is a responsibility of the management of the different departments, and entails the following actions:

  • Follow up implementation of the security plan
  • Measure the security level of the organization
  • Propose updates or improvements to the security plan
  • Provide additional documents and guidelines to facilitate or clarify execution of the plan
  • Follow up the lifecycle of the documentation

Certain organizations are legally required to report on the progress of their security plan (e.g. Social Security).