A regular review of the ISMS or individual components of an ISMS is necessary in order to continuously maintain the desired level of security and to be able to improve its maturity level.

With the help of internal audits, it is possible to react to changes within the surrounding conditions - for example, measures that have become ineffective can be uncovered or necessary adjustments of the ISMS to technological changes can be identified. In addition, regular internal audits are required to maintain existing certifications.