+ISMS.1.A11 Continuity of Information Security (S)

1. Übersicht

ISMS.1.A11 Continuity of Information Security (S)

An organisation SHOULD review its security process, security concepts, information security
policy, and organisational structure for information security in terms of their appropriateness
and effectiveness and update them at regular intervals. Completeness and update checks of the
security concept SHOULD also be performed regularly in this regard.
Security audits SHOULD be performed regularly. In this regard, there SHOULD be rules that
specify which areas and security safeguards need to be checked when and by whom. The level
of security SHOULD be reviewed regularly (at least once a year) and whenever there is a reason
to do so.
These reviews SHOULD be performed by qualified and independent persons. The results of the
reviews SHOULD be documented in a transparent manner. Based on this, shortcomings
SHOULD be eliminated and corrective measures taken.

Bezeichnung	Standard

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

ITGC -
Bundesamt für Sicherheiter in der Informationstechnik - IT-Grundschutzkompendium Stand 2022