How to update and maintain the Management System Guide (MSG)
The Management System Guide (MSG) is a dynamic document that requires regular updates to ensure it continues to meet the organisation's information security needs and remains compliant with ISO 27001. Understanding when and how to update the MSG is crucial for maintaining the effectiveness of your information security management system. This article provides guidance on the frequency of reviews, triggers for updates, and best practices for maintaining its relevance.
How Often to Review the MSG
- Regular Scheduled Reviews: It's best practice to review the MSG at least annually. This regular review ensures that any changes in business operations, technology, or compliance requirements are consistently reflected in your information security practices.
- Post-Audit Reviews: Following any internal or external audit, review the MSG to address any findings or gaps identified. Audits often provide insights into areas that may require more detailed attention or adjustment.
Triggers for Updating the MSG
Several scenarios may trigger the need for an immediate review and update of the MSG:
- Organisational Changes: Any significant changes in organisational structure, such as mergers, acquisitions, or reorganisations, should prompt a review of the MSG to ensure it accurately reflects the current organisational context.
- Technological Advancements: Introduction of new technology or significant changes to existing IT infrastructure can impact the risk landscape, necessitating updates to the MSG.
- Security Incidents: In the event of a security breach or incident, it's crucial to review and possibly update the MSG to incorporate lessons learned and to better prevent future incidents.
- Legal and Regulatory Changes: Updates in laws, regulations, or industry standards related to information security should be reflected in the MSG to ensure ongoing compliance.
- Changes in Business Strategy: Shifts in the organisation's strategic direction can impact its risk profile and security needs, requiring updates to the MSG.
Best Practices for Maintaining the MSG
- Document Control System: Implement a document control system to manage revisions and history of the MSG. This system should track changes, manage versions, and ensure that only the current version is in circulation.
- Stakeholder Engagement: Regularly involve stakeholders from various parts of the organisation in the review process. Their input is valuable for ensuring the MSG accurately reflects operational realities and security requirements.
- Training and Awareness: Keep all relevant personnel trained and informed about any changes to the MSG. Regular training helps ensure that the policies and procedures outlined in the guide are understood and followed.
- Continuous Improvement: Use feedback from audits, incident responses, and stakeholder input to continuously improve the content and usability of the MSG. This proactive approach helps in adapting to emerging threats and changing business conditions.
Maintaining an up-to-date MSG is critical for the effectiveness of your information security management system. Regular reviews, timely updates, and ongoing stakeholder engagement are essential for ensuring that the MSG evolves in line with organisational and technological changes, and continues to support the organisation’s objectives and compliance requirements effectively.