# ISMS + AIMS Management Review — Annual Pack 2026

**Tenant:** Lumen.health
**Meeting:** Annual ISMS + AIMS Management Review (ISO 27001 Cl. 9.3 + ISO 42001 Cl. 9.3)
**Date:** 22 Aug 2026, 09:00–11:30 BST (2.5 h)
**Quorum:** 7 of 7 (full attendance)
**Chair:** Daniel Foley, CEO + Executive Sponsor
**Recorded by:** Priya Ramaswamy, Compliance Lead

---

## Attendees

| Role | Name | Attending |
|---|---|---|
| CEO + Executive Sponsor (Chair) | Daniel Foley | ✓ |
| Compliance Lead | Priya Ramaswamy | ✓ |
| CTO + Engineering Lead | Marco Esposito | ✓ |
| CISO | Aisha Khan | ✓ |
| AI Governance Owner | Lukas Berg | ✓ |
| DPO | Anne Verwoerd | ✓ |
| SRE Lead | Jakub Vaníček | ✓ |

## Agenda

1. Review of corrective actions from prior management review (Aug 2025)
2. Changes in external and internal issues affecting ISMS / AIMS
3. ISMS + AIMS performance and effectiveness
4. Feedback from interested parties
5. Continual improvement opportunities
6. Management decisions and resource commitments
7. Audit readiness — September 2026 BELAC stage-1

---

## 1. Prior management review — corrective actions status

12 corrective actions opened at the Aug 2025 review.

| # | Action | Status |
|---|---|---|
| MR-2025-01 | Implement AIMS policy framework | ✓ Closed (Q1 2026) |
| MR-2025-02 | Pursue ISO 42001 joint certification | ✓ In progress; target BELAC Sep 2026 |
| MR-2025-03 | Embed DLP into agentic egress | ✓ Closed (Q1 2026, EG-007) |
| MR-2025-04 | Annual external pen-test | ✓ Closed (Q2 2026, EG-009 — see § 3.1) |
| MR-2025-05 | Annual IRP tabletop | ✓ Closed (Q2 2026, EG-018) |
| MR-2025-06 | Annual DR tabletop | ✓ Closed (Q2 2026, new) |
| MR-2025-07 | Annual IR training programme | ✓ Closed (Q2 2026, A.6.3) |
| MR-2025-08 | Restore test executed | ✓ Closed (Q2 2026, A.8.13/A.8.14) |
| MR-2025-09 | AI impact assessments for all 7 AI systems | ✓ Closed (Q2 + Q3 2026) |
| MR-2025-10 | AIUC-1 quarterly evaluation cadence | ✓ Closed (Q1 + Q2 + Q3 2026) |
| MR-2025-11 | Peer-review records log | ✓ Closed (Q3 2026) |
| MR-2025-12 | Risk register annual refresh | ✓ Closed (Q2 2026) |

11 of 12 corrective actions closed; MR-2025-02 (joint ISO 42001 certification) remains in progress against the BELAC stage-1 in Sep 2026 (§ 7). **No other residual actions** from Aug 2025.

## 2. Changes in external and internal issues

### External (since Aug 2025)

- **EU AI Act** enters into force. Lumen.health's patient-intake conversational AI is classified as **High-Risk** under Annex III. ISO 42001 + AIUC-1 align well with the Act's transparency + risk-management requirements.
- **GDPR enforcement intensified**: 9 enforcement notices issued to mental-health SaaS providers across the EU since Aug 2025. Lumen.health's customer-data-deletion audit closed an enforcement gap (DPO-Q1-01).
- **NIS 2 Directive transposed** into NL law on 17 Jan 2026. Lumen.health is in scope as a "manager of essential services" (clinical pathway provider). NIS 2-specific controls integrated into the ISMS in Q2.

### Internal (since Aug 2025)

- **Headcount grew** 38 → 51 (+34 %). Onboarding programme expanded; awareness training (A.6.3) is now mandatory and tracked monthly via Vanta.
- **New AI system shipped**: the RAG retrieval feature on 11 Mar 2026. Initially missed its impact assessment (regression flagged in Q1 review); now closed and the deploy gate updated to require AI Gov sign-off (cf. EG-012).
- **Multi-region active-active** infrastructure rolled out Q4 2025. The DR tabletop in Q2 2026 validated the new architecture, with observed RTO and RPO both inside target (figures in § 3.2).
- **Series C round closed** 14 Feb 2026 (€18 m). Increased customer expectation re. SOC 2 Type II — Q4 2026 finalisation now committed.

## 3. ISMS + AIMS performance & effectiveness

### 3.1 Penetration test (Q2 2026)

PenTestPartners delivered the annual pen-test 15–29 May. Final report: 2 High, 7 Medium, 14 Low, 9 Informational findings. **0 Critical.**

| Severity | Reported | Closed in window | Still open | Of open, in progress | Risk-accepted |
|---|---|---|---|---|---|
| Critical | 0 | n/a | 0 | n/a | n/a |
| High | 2 | 2 | 0 | 0 | 0 |
| Medium | 7 | 6 | 1 | 1 | 0 |
| Low | 14 | 10 | 4 | 0 | 0 |
| Informational | 9 | n/a | 0 | n/a | 9 (commentary only) |

All High findings closed within 14 days. The single open Medium finding is in progress and targeted for closure by 30 Sep 2026.

### 3.2 IRP + DR tabletop outcomes

**IRP tabletop (02 May, scenario SC-A1 — cross-tenant LLM leak via RAG):** 5/6 success criteria met. The team missed the 30-min P0 confirmation by 7 minutes (37 min instead of 30). Lessons learned: standing P0-trigger questions; pre-staged regulator-notification template per scenario.

**DR tabletop (03 May, scenario DR-A2 — multi-region active-active failover):** All 4 success criteria met. RTO observed 2 h 14 min (target 4 h); RPO observed 8 min (target 15 min).

### 3.3 IR training

Full-team annual training delivered 17 Jun 2026 + IC-only quarterly drill (last 14 Aug 2026). Attendance 51/51 for the annual; 9/9 IC trainees for the quarterly. Evaluation forms: average 4.6/5 ("very useful").

### 3.4 Restore test

Full restore exercised 24 Jun 2026 from Q2 backups. Data integrity verified by row-count + sampling. Recorded RTO 1 h 47 min vs. target 4 h. Evidence in Vanta `evidence/iso-yearly-review/2026/restore-test/`.

### 3.5 AI Impact Assessments

All 7 AI systems now have current impact assessments:

| System | Last assessed | Risk level | Notes |
|---|---|---|---|
| Workflow Execution Engine | 14 Jul 2026 | Medium | New decision-logging capability |
| Copilot | 28 Jul 2026 | Medium | Patient-summary feature scope expanded |
| Agents | 04 Aug 2026 | Medium-High | Tool-access controls strengthened |
| withDlp capability | 11 Jul 2026 | Low | DLP coverage verified |
| Guardrails workflow block | 18 Jul 2026 | Medium | New prompt-injection guardrails |
| RAG / Knowledge Base | 30 Apr 2026 | High | Cross-tenant retrieval fix verified |
| Embedding Pipeline | 25 Jul 2026 | Low | Provider rotation tested |

The High-risk RAG system is reviewed quarterly going forward.

### 3.6 AIUC-1 delta review (Q1, Q2, Q3)

Three quarterly delta reviews completed, tracking AIUC-1 from v0.9.1 through v0.9.2 to v0.9.3 (v1.0.0 release expected Sep 2026). No new evidence gaps. Quarterly adversarial-robustness evaluations passed in all three quarters, with a marginal regression noted in the Q2 run.

## 4. Feedback from interested parties

- **Customers:** 14 security reviews completed across enterprise customers. Two raised SOC 2 Type II readiness; both accept Dec 2026 finalisation.
- **Advisors:** 3 advisor consultations + 1 ex-NCSC consultation (Tomáš). No material concerns.
- **Regulators:** No regulator engagement in this period.
- **External evaluator (AIUC-1):** Continued positive feedback.

## 5. Continual improvement opportunities

1. **Standing P0-trigger questions** for IR (carried from IRP tabletop SC-A1).
2. **Pre-staged regulator-notification templates** per scenario family.
3. **Quarterly RAG impact-assessment review cadence** (down from yearly).
4. **Awareness training: ramp up phishing simulations** monthly (current: quarterly).
5. **Customer-facing security page**: publish the AIMS policy + the redacted pen-test summary.

## 6. Management decisions and resource commitments

(See `04-management-decisions.md` for the full decisions log; the key decisions are summarised here.)

- **D-2026-AR-01**: Authorise the BELAC stage-1 audit booking (Sep 2026, joint ISO 27001 + ISO 42001).
- **D-2026-AR-02**: Commit €120 k to a dedicated AI Governance Coordinator (full-time, starts Q4 2026).
- **D-2026-AR-03**: Approve SOC 2 Type II observation-period close as Q4 2026 (commitment from Q1 quarterly review).
- **D-2026-AR-04**: Increase awareness training phishing-simulation cadence from quarterly to monthly.
- **D-2026-AR-05**: Publish AIMS policy and redacted pen-test summary on customer-facing security page within 30 days.

## 7. Audit readiness

**Status as of 22 Aug 2026:** Lumen.health is **GO** for BELAC stage-1 audit on 14–18 September 2026.

| Readiness criterion | Status |
|---|---|
| 0 NEEDS_ATTENTION on tracked ISO 27001 + ISO 42001 controls | ✓ on track (3 remaining at pack preparation, all in active closure against the 21 Aug 2026 deadline) |
| All audit-pack evidence in Vanta | ✓ (uploaded 18 Aug 2026; see `05-audit-pack-manifest.md`) |
| Management review minutes signed | This document, post-meeting |
| Annual pen-test + tabletops + training + restore-test executed | ✓ § 3 above |
| All AI impact assessments current | ✓ § 3.5 |
| AIUC-1 delta reviews on cadence | ✓ § 3.6 |

## Sign-off

All present members sign off on this review.

Signed: Daniel Foley, CEO + Executive Sponsor (Chair) — 22 Aug 2026
Signed: Priya Ramaswamy, Compliance Lead — 22 Aug 2026
Signed: Marco Esposito, CTO — 22 Aug 2026
Signed: Aisha Khan, CISO — 22 Aug 2026
Signed: Lukas Berg, AI Governance Owner — 22 Aug 2026
Signed: Anne Verwoerd, DPO — 22 Aug 2026
Signed: Jakub Vaníček, SRE Lead — 22 Aug 2026
