"So, I've finally achieved ISO 27001 certification! Now I can concentrate on other topics again. - 11 months later, you startle and the first surveillance audit is just around the corner. "What does that actually look like with the continuous improvement process? Have we already dealt with the auditor's notes? Wasn't there a safety incident 3 months ago? Have we done anything about that yet? Shouldn't the Russian antivirus software also be replaced? Who knows the current status? Oh, the colleague doesn't work for us anymore..."

Who hasn't experienced this? To achieve continuous improvement in your company, you should permanently record input from various sources, evaluate it and prioritize measures. But that's just the beginning, because the big cha ...