IS.D.OR.260 Continuous improvement

Navigate / EASA

Ask question Discover more Add to collection

Regulation (EU) 2022/1645

(a) The organisation shall assess, using adequate performance indicators, the effectiveness and maturity of the ISMS. That assessment shall be carried out on a calendar basis predefined by the organisation or following an information security incident.

(b) If deficiencies are found following the assessment carried out in accordance with point (a), the organisation shall take the necessary improvement measures to ensure that the ISMS continues to comply with the applicable requirements and maintains the information security risks at an acceptable level. In addition, the organisation shall reassess those elements of the ISMS affected by the adopted measures.

Details

Source-Title: IS.D.OR.260 Continuous improvement

Erulesid: ERULES-1963177438-19921 Compare versions

Domain: Information Security (IS)

Applicabilitydate: 16 October 2025

Entryintoforcedate: 16 October 2022

Regulatorysource: Regulation (EU) 2022/1645 Navigate

Regulatorysubject: Part-IS.D.OR

Typeofcontent: DR (Delegated rule)

Origin: EASA

Category: EAR

Details

Related sections: