Annual Calendar Template
A well-planned annual calendar is essential for maintaining your ISO 27001 certification without last-minute stress.
Core ISMS Activities
| Activity | Frequency | Duration | Owner |
|---|---|---|---|
| Management Review | Annually | 2-4 hours | Top Management |
| Internal Audit | Annually | 1-5 days | Internal Auditor |
| Risk Assessment Review | Annually | 1-2 days | Risk Owner |
| External Audit | Annually | 1-5 days | All |
| Security Training | Ongoing | Varies | HR/Security |
| Policy Review | Annually | 2-4 days | Policy Owner |
| Business Continuity (BC) Testing | Annually | 1 day | BC Coordinator |
| Access Review | Quarterly | 2-4 hours | IT/Security |
Sample Calendar Flow
Q1 (Jan-Mar)
- January: Planning, objectives, training kickoff
- February: Internal audit prep and execution
- March: Internal audit completion, management review prep
Q2 (Apr-Jun)
- April: Management review, risk assessment update
- May: External audit preparation
- June: External audit execution, corrective actions
Q3 (Jul-Sep)
- July: Mid-year review, policy updates
- August: BC testing
- September: Access review, third-party assessments
Q4 (Oct-Dec)
- October: Policy finalization, budget planning
- November: Document retention review
- December: Year-end review, next year planning
Monthly Tasks
- Review security incidents
- Update incident log
- Security awareness communication
- Check backups
- Review access changes
- Patch management
- Monthly metrics
Quarterly Tasks
- Security metrics review
- Risk assessment check
- Corrective action review
- Access rights review
- Quarterly management update
Calendar Success Tips
- Work backwards from audit date
- Avoid peak business periods
- Build in buffer time
- Assign clear ownership
- Set reminders (90, 30 and 7 days before each activity)
- Review and adjust quarterly