LOGBOOK

HELP

Quiz Entry - updated: 2026.06.04

What belongs to the KVP phase of an ISMS, and why does the cycle end with a report to management?

Kontrolle, Sanktionen, KVP, Audit, and Bericht an GL — closing the loop back to the management that started it.

  • Kontrolle — ongoing checking that measures are implemented and effective
  • Sanktionen — defined consequences for violations; rules without consequences are recommendations
  • KVP — continuous improvement of measures and documents based on findings
  • Audit — independent verification (internal audit, possibly external/certification audit)
  • Bericht an GL — regular reporting to executive management

Why the report matters: the GL issued the mandate and owns the residual risk — so it must regularly learn whether its risk position is what it believes. This is also an ISO 27001 hard requirement ("management review", clause 9.3). The loop GL → ISMS → GL is what makes security a management system rather than an IT hobby.

From Quiz: ISM / Policies, Concepts & Guidelines | Updated: Jun 04, 2026