Download and manage your minutes effectively.
As part of SureCloud’s “Keep Calm & Audit On” series, our ISMS Lead Oliver Vistisen has created a free ISMS Actions Spreadsheet that your organisation can use to keep up with your ISMS committee minutes effectively for remote and in person meetings. You can read his full guide ‘Re-certifying ISO27001 in the midst of COVID-19’ here.
Staying on top of the ISMS committee minutes is a challenge within itself, keeping a record of what was said and agreed which is then written in a word document, published and send out to all attendees never to be found again. That is until the auditor asks you a question and you are unable to answer or find the information.
You will likely have to go away and spend time applying the agreed audit points to the actions risk register, controls, metrics table etc… Each is in a separate document which you need to aggregate into a single source of truth, and someone has to do it. It is unlikely your CISO, senior leadership or other committee members will have the time!
It doesn’t have to be that way.
Consider the minutes to be a log of updates, not a transcript of exactly what was said. During the meeting, if there’s a new action to be taken, why not write it directly onto your actions list. Updating a risk? That’s right, update the risk register itself directly.
Make a note in the committee minutes of the reference numbers of each update and paste in the changes. Add a brief overview to give context on the subject and move on. Committee time is precious, keep them focused on decision making!
If you can, provide links to each action, risk and control within your minutes wherever they’re stored even if it is from a word document to a table in an excel spreadsheet. Ideally, all of these records would be stored on the same system, making both content generation on the fly and references between them far simpler to maintain. It makes tracking your way back to decisions made far easier while the audit is being undertaken. That way you, can start with the specific action, risk or control and link back to the committee minutes, rather than vice versa.
The Actions Spreadsheet will assist you in preparing and organising for your ISMS Audit by having a clear outlook on all of the tasks that need to be completed.