What items should I add to the Communication Matrix in my Manual?
It is a requirement that top management maintains adequate internal and external communication related to your management system(s). You will find below examples you can add to the Communication section in your Manual, whether it is 27001, 42001 or a Combined Manual.
ISO 27001 Manual
Here are some examples of internal and external communication related to your ISMS that the Auditor will expect to see in your Communication Matrix:
| What | When | To Whom | Owner | How |
|---|---|---|---|---|
| IS Policies | Induction | New starters | CEO | Induction training |
| IS Policies | Continuous | All staff | CEO | Policies on Adoptech |
| IS Objectives | Annually | All staff | CEO | Document shared via Adoptech |
| Performance towards objectives | Quarterly | Management Team | CEO | Management review meeting |
| Customer complaint relating to IS | When received | Those involved with supply and all staff | CTO | Support Ticket |
| Information Security Awareness training | Annually | All staff | CTO | |
| IS Management System changes | After a change is authorised | All affected staff | CTO | One to one training with all those involved |
| Information Security Breach and loss of personal data | Within 72 hours of a breach being detected | ICO | CEO | Best possible route, by phone or on-line |
| Threat intelligence | As it is received | All affected staff | ISMS Manager | Slack Channel/Email |
Combined Manual: ISO 27001 & ISO 9001
Below are some examples of internal and external communication related to your IMS that the Auditor will expect to see:
| What | When | To Whom | Owner | How |
|---|---|---|---|---|
| IMS Policies | Induction | New starters | CEO | Induction training |
| IMS Policies | Continuous | All staff | CEO | Policies on Adoptech |
| IMS Objectives | Annually | All staff | CEO | Document shared via Adoptech |
| Performance towards objectives | Quarterly | Management Team | CEO | Management review meeting |
| Customer complaints | When received | Those involved with supply and all staff | IMS Manager | Support Ticket |
| Information Security Awareness training | Annually | All staff | CTO | |
| IMS changes | After a change is authorised | All affected staff | IMS Manager | One to one training with all those involved |
| Information Security Breach and loss of personal data | Within 72 hours of a breach being detected | ICO | CEO | Best possible route, by phone or on-line |
| Threat intelligence | As it is received | All affected staff | ISMS Manager | Slack Channel/Email |
Combined Manual: ISO 27001, ISO 9001 & ISO 14001
Below are examples of internal and external communication related to your IMS that the Auditor will expect to see:
| What | When | To Whom | Owner | How |
|---|---|---|---|---|
| IMS Policies | Induction | New starters | CEO | Induction training |
| IMS Policies | Continuous | All staff | CEO | Policies on Adoptech |
| IMS Objectives | Annually | All staff | CEO | Document shared via Adoptech |
| Performance towards objectives | Quarterly | Management Team | CEO | Management review meeting |
| Customer complaints | When received | Those involved with supply and all staff | IMS Manager | Support Ticket |
| Information Security Awareness training | Annually | All staff | CTO | |
| IMS changes | After a change is authorised | All affected staff | IMS Manager | One to one training with all those involved |
| Information Security Breach and loss of personal data | Within 72 hours of a breach being detected | ICO | CEO | Best possible route, by phone or on-line |
| Threat intelligence | As it is received | All affected staff | ISMS Manager | Slack Channel/Email |
ISO 42001 Manual
Below are some examples of internal and external communication related to your AIMS that the Auditor will expect to see:
| What | When | To Whom | Owner | How |
|---|---|---|---|---|
| AI Policies | Induction | New starters | AIMS Manager | Induction training / Adoptech |
| AI Policies | When updated | All staff | AIMS Manager | Adoptech portal |
| AIMS Objectives | Annually | All staff | CEO | Document shared via Adoptech |
| Performance toward AI objectives | Quarterly | Management Team | CEO | AIMS Management Review Meeting |
| AI Awareness Training | Annually | All staff | CTO | Email / Training platform |
| Specialised AI Lifecycle Training | When required | Staff involved in AI design, development, validation, deployment, monitoring | CTO | Internal channels / Training sessions / Adoptech |
| AI Risk Assessment outcomes | After risk assessment or review | Management Team | AIMS Manager | Risk Review Meeting |
| AI Impact Assessment outcomes | Prior to deployment of high-impact AI systems | Relevant staff & Management | AIMS Manager | Adoptech / Review Meeting |
| AI System changes (model updates, retraining, data changes) | After approval of the change | All affected staff | Model Owner / CTO | One-to-one briefing or team communication |
| AI Incident or Adverse Impact Notification | As soon as identified | Management Team & relevant stakeholders | AIMS Manager | Support ticket / phone / email (depending on severity) |
| Regulatory, legal, or ethical AI obligations | When changed | All affected staff | Compliance Lead | Internal channels / Email / Adoptech update |
| AI Supplier / Third-Party AI notifications | When relevant | Procurement, AIMS Manager, Model Owners | Procurement Lead | Internal channels (Slack, Email, Jira ticket, or Adoptech) |
| Monitoring results (drift, bias, performance) | After each monitoring cycle | Model Owners & AIMS Manager | Model Owner | Adoptech / Monitoring dashboard |
| External reporting requirements (e.g., regulatory AI incident reporting) | Within required reporting timeframes | Applicable regulator or authority | CEO or Compliance Lead | Best available route (phone, online portal) |