NIS2 · Management Review
Systematic Management Review Under NIS2.
Regular management reviews of the cyber security management system with documented results and decision tracking.
NIS2 Management Review
NIS2 Art. 20 requires management bodies to regularly review the effectiveness of cyber security measures. These reviews must be documented and used for continuous improvement.
Review Cycle
Jährlich, bei wesentlichen Änderungen unverzüglich
Reviews should be conducted at least annually. Following significant security incidents, major organisational changes or regulatory changes, ad-hoc reviews are recommended.
Review Agenda
The review should cover: status of cyber security measures, significant incidents and findings, results of risk assessments, audit findings, regulatory changes and improvement measures.
Überprüfung der Betroffenheitsprüfung und Sektorzuordnung
Bewertung des aktuellen Risikomanagement-Niveaus
Wirksamkeit der technischen und organisatorischen Maßnahmen
Incident-Statistik und Lessons Learned
Lieferkettenrisiko-Update
Budget- und Ressourcenplanung für das Folgejahr
Schulungsplan für Leitungsorgane und Schlüsselpersonal
Verknüpfte Module
Cross-references to management review templates, DORA governance and trust center.