Step 4: ACT: Operations and ongoing improvements

The next step in improving your security

After the evaluation phase, it’s time to start thinking about next year, with a focus on the following:

  • Managing specific local security incidents and taking the appropriate steps to react to them. 
  • Evaluation of such incidents if necessary; take corrective action in regard to the consequence to avoid repetitions. 
  • Local follow-up to ensure that the above procedure works in practice. 
  • Ongoing improvement with focus on selected new activities that you will focus on in the coming year.

Document your activities

There are a few formal requirements that apply to documentation. For example, documents must be written and updated in accordance with a structured process.
This means that it is necessary to:

  • have adopted a file naming convention
  • decided on concrete document metadata
  • decided on acceptable file formats.
  • There must also be a process for reviewing and approving the documentation.
  • There must be an audit trail for changes to the documentation.