Improvement management is the workflow for capturing, prioritising, and closing improvements to your ISMS — wherever they come from: audits, incidents, management reviews, or anyone in the organisation with an idea. The continual-improvement loop that ISO 27001 clause 10 (and similar) require.
🆕 What's new: The Improvement management workflow brings together what used to be spread across themed lists. Your existing improvements, owners, and closure records are all here, exactly as they were — just on one focused page.
Setting it up
Improvement management is an Advanced workflow — there's no separate guided setup. The workflow is available directly; configuration happens inline on the page when relevant. New improvements typically arrive automatically from upstream workflows (audits, incidents, management reviews), so the workflow earns its setup the moment something flows in for the first time.
What's on the page
Main metrics
The header carries three views of how your improvement loop is doing:
- Created & closed improvements over time — a monthly trend chart
- This year, against your goals — e.g. 29 / 40 created, 17 / 30 closed
- Improvements verified effective — % of closed improvements that proved out, shown against goal (e.g. 90% vs goal 80%, +10% above goal)
Actions to focus on
A prioritised list of what to handle next, grouped into three buckets:
- Unblock — issues stopping the workflow from running properly. For Improvement management: Identify first improvement, Improvement without an owner, and Overdue improvements.
- Strengthen — recommended next moves to make this workflow more robust. Items like Set due date for active improvements, Review active improvements, and Add more incidents (when below metric — incidents feed improvement intake).
- Maintain — scheduled reviews and check-ins on what's already in place. Review closed improvements.
Clicking into a bucket opens a focused list — you can resolve, refine, or check off each item without leaving the workflow page.
Documentation
The documentation that backs your improvement practice:
- Improvements — identify and track ISMS improvements as they're raised
- Non-conformities — non-conformities flowing in from audits and connected workflows
Each documentation row shows the total item count, items still to work on, the related ISMS theme, and the responsible owner.
Tasks
Below the documentation, the workflow page lists the operational tasks — for example, continuous improvement and documentation, and treatment process and documentation of identified non-conformities. Each task shows its theme, status (Untreated / Partly done / Mostly done / Fully done), owner, priority (Low / Normal / High / Critical), and due date.
Reports
The audit-ready output Improvement management produces:
- Monthly management report — an overview of improvement-management activity, outcomes, and progress for the period
Reports refresh from your live data, so they're always current.
How it connects to other workflows
This is the workflow that collects work from other workflows. New improvements arrive automatically from Internal audits (findings), Incident management (lessons learned), and Management reviews (review actions). Closed improvements are visible to those source workflows too.
