Requirement:
The cybersecurity strategy must be reviewed periodically according to planned intervals or upon changes to related laws and regulations.
Control Implementation Guidelines:
- Review and update the cybersecurity strategy periodically according to a documented and approved review plan as follows:
- In specific intervals according to best practices (to be determined by the organization and documented with the necessary approval in the strategy document)
- If there are changes in the relevant laws and regulations (e.g., changes in cybersecurity requirements applicable to the organization)
- In the event of material changes in the organization
- Document and approve the review procedures and changes to the cybersecurity strategy by the representative.
Expected Deliverables:
- An approved document that defines the review schedule for the cybersecurity strategy
- An updated cybersecurity strategy after documenting changes to the cybersecurity requirements and to be approved by the representative
- Project status reports
- Formal approval by the representative on the updated strategy (e.g., via the organization's official e-mail, paper or electronic signature)
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.