IS.D.OR.260 Continuous improvement

• Regulation (EU) 2022/1645 found in: Information Security (No 2023/203 and 2022/1645) Part-IS (Jun 2024)

IS.D.OR.260 Continuous improvement Regulation (EU) 2022/1645 (a)     The organisation shall assess, using adequate performance indicators, the effectiveness and maturity of the ISMS. That assessment shall be carried out on a calendar basis predefined by the organisation or following an information security incident. (b)     If deficiencies are found following the assessment carried out in accordance with point (a), the organisation shall take the necessary improvement measures to ensure that the ISMS continues to comply with the applicable requirements and maintains the information security risks at an acceptable level. In addition, the organisation shall reassess those elements of the ISMS affected by the adopted measures.