ISO yearly review
Annual ISMS / AIMS review template — pentest SOW, IRP tabletop, management review, audit pack.
The ISO yearly review process template models the annual review and assurance cycle expected by ISO 27001 and ISO 42001.
What it provides
| Artefact | Purpose |
|---|---|
| Pentest SOW | Scope of work for the annual penetration test. |
| IRP tabletop scenario | Incident-response plan tabletop exercise script. |
| Management review pack | The materials for the annual management review. |
| Audit pack manifest | A manifest of evidence assembled for the external audit. |
Setup
- Install the ISO yearly review process template from the marketplace.
- Create a workflow instance for the current year.
- Assign reviewers and approvers.
- Set the milestone dates (pentest, tabletop, management review, audit).
The flow
```text
Year start
│
▼
[Issue pentest SOW] → [Pentest report] → [Remediation tracking]
│
▼
[Schedule IRP tabletop] → [Tabletop execution] → [Lessons learned]
│
▼
[Assemble management review pack] → [Management review] → [Decisions]
│
▼
[Build audit pack] → [External audit] → [Audit response]
```
Sample data
Ships with:
- `01-pentest-sow.md` — example pentest scope of work.
- `02-irp-tabletop-scenario.md` — example tabletop script.
- `03-management-review-pack.md` — example review pack.
- `04-audit-pack-manifest.md` — example audit pack manifest.
Compliance mapping
- ISO 27001 clause 9.3 (management review), clause 9.2 (internal audit).
- ISO 42001 clause 9.3 (management review), clause 9.2 (internal audit).
- SOC 2 CC9 (risk mitigation), CC7 (system operations).
- EU AI Act Article 15 (cybersecurity).
Related
- ISO quarterly review — the quarterly counterpart.
- Compliance → AI governance — where annual review fits in the lifecycle.