Class: ManagementReview
A management review per Clause 9.3, conducted by top management to evaluate ongoing ISMS performance and fitness for purpose.
URI: iso27001:ManagementReview
classDiagram
class ManagementReview
click ManagementReview href "../ManagementReview/"
DocumentedInformation <|-- ManagementReview
click DocumentedInformation href "../DocumentedInformation/"
ManagementReview : action_items
ManagementReview : approved_by
ManagementReview : approved_date
ManagementReview : attendees
ManagementReview : audit_results_summary
ManagementReview : author
ManagementReview : classification
ManagementReview : context_changes
ManagementReview : created_date
ManagementReview : decisions
ManagementReview : description
ManagementReview : document_reference
ManagementReview : document_type
ManagementReview --> "0..1" DocumentType : document_type
click DocumentType href "../DocumentType/"
ManagementReview : effective_date
ManagementReview : id
ManagementReview : improvement_opportunities
ManagementReview : interested_party_changes
ManagementReview : modified_date
ManagementReview : name
ManagementReview : next_review_date
ManagementReview : owner
ManagementReview : performance_trends
ManagementReview : previous_actions_status
ManagementReview : retention_period
ManagementReview : review_date
ManagementReview : risk_assessment_results
ManagementReview : status
ManagementReview : version
Inheritance
- NamedEntity
- DocumentedInformation
- ManagementReview
- DocumentedInformation
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| review_date | 0..1 Date |
Date when the management review was conducted | direct |
| attendees | * String |
Attendees of the review | direct |
| previous_actions_status | 0..1 String |
Status of actions from previous reviews | direct |
| context_changes | 0..1 String |
Changes in context since last review | direct |
| interested_party_changes | 0..1 String |
Changes in interested party requirements | direct |
| performance_trends | 0..1 String |
Trends in information security performance | direct |
| audit_results_summary | 0..1 String |
Summary of audit results | direct |
| risk_assessment_results | 0..1 String |
Results of risk assessment | direct |
| improvement_opportunities | * String |
Opportunities for improvement identified | direct |
| decisions | * String |
Decisions made in the review | direct |
| action_items | * String |
Action items from the review | direct |
| next_review_date | 0..1 Date |
Planned date for next review | direct |
| document_type | 0..1 DocumentType |
Classification of the documented information | DocumentedInformation |
| document_reference | 0..1 String |
Unique reference number for document control | DocumentedInformation |
| author | 0..1 String |
Person who created the document | DocumentedInformation |
| owner | 0..1 String |
Person accountable for the document content and maintenance | DocumentedInformation |
| approved_by | 0..1 String |
Person who approved the document | DocumentedInformation |
| approved_date | 0..1 Date |
Date when the document was approved | DocumentedInformation |
| effective_date | 0..1 Date |
Date when the document becomes effective | DocumentedInformation |
| status | 0..1 String |
Current status of the document or entity | DocumentedInformation |
| classification | 0..1 String |
Information classification level | DocumentedInformation |
| retention_period | 0..1 DurationType |
Duration for which the document is retained | DocumentedInformation |
| id | 1 Uriorcurie |
Unique identifier for this entity instance | NamedEntity |
| name | 1 String |
Human-readable name or title | NamedEntity |
| description | 0..1 String |
Detailed description of the entity | NamedEntity |
| created_date | 0..1 Date |
Date when the entity was created | NamedEntity |
| modified_date | 0..1 Date |
Date when the entity was last modified | NamedEntity |
| version | 0..1 String |
Version identifier for the entity | NamedEntity |
Usages
| used by | used in | type | used |
|---|---|---|---|
| InformationSecurityManagementSystem | management_reviews | range | ManagementReview |
In Subsets
Comments
- Captures periodic management review inputs, outputs, and follow-up actions
- Reference: ISO/IEC 27001:2022 Clause 9.3. ISO/IEC standards text is copyright ISO - not reproduced here.
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| iso27001_clause | 9.3 |
Schema Source
- from schema: https://w3id.org/lmodel/iso27001
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | iso27001:ManagementReview |
| native | iso27001:ManagementReview |
LinkML Source
Direct
name: ManagementReview
annotations:
iso27001_clause:
tag: iso27001_clause
value: '9.3'
description: A management review per Clause 9.3, conducted by top management to evaluate
ongoing ISMS performance and fitness for purpose.
comments:
- Captures periodic management review inputs, outputs, and follow-up actions
- 'Reference: ISO/IEC 27001:2022 Clause 9.3. ISO/IEC standards text is copyright ISO
- not reproduced here.'
in_subset:
- performance_evaluation
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
is_a: DocumentedInformation
slots:
- review_date
- attendees
- previous_actions_status
- context_changes
- interested_party_changes
- performance_trends
- audit_results_summary
- risk_assessment_results
- improvement_opportunities
- decisions
- action_items
- next_review_date
slot_usage:
review_date:
name: review_date
description: Date when the management review was conducted.
Induced
name: ManagementReview
annotations:
iso27001_clause:
tag: iso27001_clause
value: '9.3'
description: A management review per Clause 9.3, conducted by top management to evaluate
ongoing ISMS performance and fitness for purpose.
comments:
- Captures periodic management review inputs, outputs, and follow-up actions
- 'Reference: ISO/IEC 27001:2022 Clause 9.3. ISO/IEC standards text is copyright ISO
- not reproduced here.'
in_subset:
- performance_evaluation
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
is_a: DocumentedInformation
slot_usage:
review_date:
name: review_date
description: Date when the management review was conducted.
attributes:
review_date:
name: review_date
description: Date when the management review was conducted.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: review_date
owner: ManagementReview
domain_of:
- DocumentedInformation
- ManagementReview
range: date
attendees:
name: attendees
description: Attendees of the review.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: attendees
owner: ManagementReview
domain_of:
- ManagementReview
range: string
multivalued: true
previous_actions_status:
name: previous_actions_status
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 a)
description: Status of actions from previous reviews.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: previous_actions_status
owner: ManagementReview
domain_of:
- ManagementReview
range: string
context_changes:
name: context_changes
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 b)
description: Changes in context since last review.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: context_changes
owner: ManagementReview
domain_of:
- ManagementReview
range: string
interested_party_changes:
name: interested_party_changes
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 c)
description: Changes in interested party requirements.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: interested_party_changes
owner: ManagementReview
domain_of:
- ManagementReview
range: string
performance_trends:
name: performance_trends
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 d)
description: Trends in information security performance.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: performance_trends
owner: ManagementReview
domain_of:
- ManagementReview
range: string
audit_results_summary:
name: audit_results_summary
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 d) 3)
description: Summary of audit results.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: audit_results_summary
owner: ManagementReview
domain_of:
- ManagementReview
range: string
risk_assessment_results:
name: risk_assessment_results
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 f)
description: Results of risk assessment.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: risk_assessment_results
owner: ManagementReview
domain_of:
- ManagementReview
range: string
improvement_opportunities:
name: improvement_opportunities
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.2 g)
description: Opportunities for improvement identified.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: improvement_opportunities
owner: ManagementReview
domain_of:
- ManagementReview
range: string
multivalued: true
decisions:
name: decisions
annotations:
iso27001_clause:
tag: iso27001_clause
value: 9.3.3
description: Decisions made in the review.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: decisions
owner: ManagementReview
domain_of:
- ManagementReview
range: string
multivalued: true
action_items:
name: action_items
description: Action items from the review.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: action_items
owner: ManagementReview
domain_of:
- ManagementReview
range: string
multivalued: true
next_review_date:
name: next_review_date
description: Planned date for next review.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: next_review_date
owner: ManagementReview
domain_of:
- ManagementReview
range: date
document_type:
name: document_type
description: Classification of the documented information.
in_subset:
- documented_information
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: document_type
owner: ManagementReview
domain_of:
- DocumentedInformation
range: DocumentType
document_reference:
name: document_reference
description: Unique reference number for document control.
comments:
- Per 7.5.2 a) identification and description
examples:
- value: ISMS-POL-001
- value: RA-2024-003
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: document_reference
owner: ManagementReview
domain_of:
- DocumentedInformation
range: string
author:
name: author
description: Person who created the document.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: author
owner: ManagementReview
domain_of:
- DocumentedInformation
range: string
owner:
name: owner
description: Person accountable for the document content and maintenance.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: owner
owner: ManagementReview
domain_of:
- DocumentedInformation
range: string
approved_by:
name: approved_by
description: Person who approved the document.
comments:
- Per 7.5.2 c) review and approval
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: approved_by
owner: ManagementReview
domain_of:
- DocumentedInformation
- StatementOfApplicability
range: string
approved_date:
name: approved_date
description: Date when the document was approved.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: approved_date
owner: ManagementReview
domain_of:
- DocumentedInformation
- RiskTreatmentPlan
range: date
effective_date:
name: effective_date
description: Date when the document becomes effective.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: effective_date
owner: ManagementReview
domain_of:
- DocumentedInformation
range: date
status:
name: status
description: Current status of the document or entity.
comments:
- Examples include draft, approved, active, superseded, archived
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: status
owner: ManagementReview
domain_of:
- DocumentedInformation
- Nonconformity
- CorrectiveAction
- ImprovementOpportunity
range: string
classification:
name: classification
description: Information classification level.
comments:
- Per A.5.12, classification based on confidentiality, integrity, availability
examples:
- value: confidential
- value: internal
- value: public
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: classification
owner: ManagementReview
domain_of:
- DocumentedInformation
- Asset
range: string
retention_period:
name: retention_period
description: Duration for which the document is retained.
comments:
- Per 7.5.3 f) retention and disposition
- Use ISO 8601 duration notation such as P1Y or P90D
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: retention_period
owner: ManagementReview
domain_of:
- DocumentedInformation
range: duration type
id:
name: id
description: Unique identifier for this entity instance.
comments:
- Should use consistent URI/CURIE format across the dataset
examples:
- value: iso27001:risk-001
- value: iso27001:control-5.1
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
identifier: true
alias: id
owner: ManagementReview
domain_of:
- NamedEntity
range: uriorcurie
required: true
name:
name: name
description: Human-readable name or title.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: name
owner: ManagementReview
domain_of:
- NamedEntity
range: string
required: true
description:
name: description
description: Detailed description of the entity.
comments:
- Should provide sufficient detail for understanding without external reference
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: description
owner: ManagementReview
domain_of:
- NamedEntity
range: string
created_date:
name: created_date
description: Date when the entity was created.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: created_date
owner: ManagementReview
domain_of:
- NamedEntity
range: date
modified_date:
name: modified_date
description: Date when the entity was last modified.
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: modified_date
owner: ManagementReview
domain_of:
- NamedEntity
range: date
version:
name: version
description: Version identifier for the entity.
comments:
- Supports document control requirements per 7.5.3 e)
examples:
- value: '1.0'
- value: 2.3.1
from_schema: https://w3id.org/lmodel/iso27001
rank: 1000
alias: version
owner: ManagementReview
domain_of:
- NamedEntity
range: string