DraftInternalISO 9001ISO 14001ISO 27001

SW-IMS-PRO-006

Monitoring and Measurement Procedure

Version

1.0

Owner

IMS Owner

Effective Date

TBD

Review Date

TBD

Monitoring and Measurement Procedure

Document ID: SW-IMS-PRO-006-v1.0
Effective Date: [TBD]
Review Date: [TBD]
Owner: IMS Owner
Approved by: [TBD]

1. Purpose

This procedure establishes a systematic approach to monitoring, measuring, analyzing, and evaluating the performance of Swedwise's Integrated Management System (IMS) and its processes. It ensures:

Key processes are monitored and measured against defined criteria
Performance data is collected accurately and consistently
Data is analyzed to identify trends and areas for improvement
Management decisions are based on objective evidence
Customer satisfaction, environmental performance, and information security are tracked
Compliance with ISO 9001, ISO 14001, and ISO 27001 requirements is demonstrated
SaaS service performance meets SLA commitments

2. Scope

This procedure applies to:

IMS process performance: Effectiveness and efficiency of IMS processes
Quality performance: Customer satisfaction, service delivery, project outcomes
Environmental performance: Energy use, emissions, waste, resource consumption
Information security performance: Security incidents, control effectiveness, vulnerabilities
SaaS service metrics: Uptime, availability, response times, incident resolution
Strategic objectives: Progress toward organizational objectives
Compliance: Adherence to legal, regulatory, and contractual requirements

This procedure applies to all Swedwise locations, all management systems (QMS, EMS, ISMS), and all business activities.

3. Definitions

Term	Definition
Monitoring	Ongoing or periodic observation to track performance or status.
Measurement	Process to determine a quantitative or qualitative value.
KPI (Key Performance Indicator)	Measurable value that demonstrates effectiveness in achieving key objectives.
Metric	A standard of measurement; a quantifiable measure.
Target	Desired level of performance (goal).
Threshold	Minimum acceptable level of performance.
Baseline	Starting point or reference for comparison.
Trend	General direction in which performance is moving over time.
Leading Indicator	Predictive metric that forecasts future performance.
Lagging Indicator	Historical metric that reports past performance.
Dashboard	Visual display of key metrics for quick assessment.
Data Collection	Process of gathering information for analysis.
Data Analysis	Examination of data to identify patterns, trends, and insights.
SLA (Service Level Agreement)	Commitment to a specific level of service performance.

4. Monitoring and Measurement Framework

4.1 Types of Monitoring

Swedwise employs three types of monitoring:

Type	Description	Frequency	Examples
Continuous	Real-time or near real-time monitoring	Ongoing	SaaS uptime, security alerts, system health
Periodic	Scheduled measurements at regular intervals	Daily, weekly, monthly, quarterly	Customer satisfaction surveys, energy consumption, audit schedules
Event-Based	Triggered by specific events or conditions	As needed	Incident response time, change success rate, project completion

4.2 Measurement Levels

Performance is measured at multiple levels:

┌─────────────────────────────────────────────────┐
│         STRATEGIC LEVEL                          │
│  (Organizational objectives and targets)         │
└─────────────────┬───────────────────────────────┘
                  │
┌─────────────────▼───────────────────────────────┐
│         PROCESS LEVEL                            │
│  (Process effectiveness and efficiency)          │
└─────────────────┬───────────────────────────────┘
                  │
┌─────────────────▼───────────────────────────────┐
│         OPERATIONAL LEVEL                        │
│  (Activities, outputs, and immediate results)    │
└──────────────────────────────────────────────────┘

4.3 Balanced Scorecard Approach

Metrics are organized into four perspectives:

Perspective	Focus	Example Metrics
Customer	Customer satisfaction and value delivery	NPS, customer complaints, project success rate
Financial	Financial health and sustainability	Revenue, profitability, project margins
Internal Process	Process effectiveness and efficiency	Cycle time, defect rate, resource utilization
Learning & Growth	People, innovation, and organizational capability	Training hours, employee satisfaction, certifications

5. Key Performance Indicators (KPIs)

5.1 Strategic KPIs

Organizational-level indicators aligned with strategic objectives:

KPI	Objective	Target	Measurement Frequency	Owner
Customer Satisfaction (NPS)	Delight customers	NPS ≥ 50	Quarterly	Quality Lead
SaaS Uptime	Reliable service delivery	≥ 99.9%	Real-time/Monthly	SaaS Operations Lead
Revenue Growth	Business sustainability	+10% YoY	Quarterly	CFO
Employee Engagement	Attract and retain talent	Engagement score ≥ 75%	Annual	HR Lead
Carbon Footprint	Reduce environmental impact	-5% YoY	Quarterly	Environmental Lead
Security Incident Rate	Protect information assets	< 2 major incidents/year	Monthly	CISO
IMS Audit Conformity	Maintain certifications	Zero major findings	Per audit	IMS Owner

5.2 Quality Management KPIs (ISO 9001)

KPI	Target	Measurement Frequency	Data Source	Owner
Customer Complaints	< 5 per quarter	Monthly	Complaint register	Quality Lead
On-Time Project Delivery	≥ 90%	Monthly	Project management system	PMO
Service Quality Score	≥ 8/10	Per project	Customer feedback surveys	Quality Lead
Project Budget Variance	±10%	Per project	Financial system	PMO
Customer Retention Rate	≥ 95%	Quarterly	CRM system	Customer Success
First-Time Fix Rate	≥ 85%	Monthly	Support ticket system	Support Lead
Consultant Utilization	70-85%	Monthly	Resource management system	Resource Manager
Training Completion Rate	100% for mandatory	Quarterly	LMS	Training Coordinator

5.3 Environmental Management KPIs (ISO 14001)

KPI	Target	Measurement Frequency	Data Source	Owner
Office Energy Consumption	-3% YoY	Quarterly	Energy bills	Environmental Lead
Business Travel Emissions (CO2e)	-5% YoY	Quarterly	Travel booking system	Environmental Lead
Remote Work Percentage	≥ 60%	Monthly	HR system	HR Lead
Paper Consumption	-10% YoY	Quarterly	Office supplies log	Office Manager
E-Waste Recycling Rate	100%	Annual	Waste disposal records	Environmental Lead
Cloud Infrastructure Energy Efficiency	Monitor trend	Quarterly	Cloud provider reports	SaaS Operations Lead
Environmental Incidents	Zero	Monthly	Incident register	Environmental Lead

5.4 Information Security KPIs (ISO 27001)

KPI	Target	Measurement Frequency	Data Source	Owner
Security Incidents (Major)	< 2 per year	Monthly	Incident register	CISO
Security Incidents (Minor)	< 10 per year	Monthly	Incident register	CISO
Phishing Simulation Click Rate	< 5%	Quarterly	Security awareness platform	CISO
Vulnerability Patching Time (Critical)	< 7 days	Weekly	Vulnerability scanner	IT Manager
Vulnerability Patching Time (High)	< 30 days	Monthly	Vulnerability scanner	IT Manager
Multi-Factor Authentication (MFA) Adoption	100% for staff	Monthly	Identity provider	CISO
Access Review Completion	100% quarterly	Quarterly	Access management system	CISO
Backup Success Rate	100%	Daily	Backup system	IT Manager
Security Training Completion	100% annually	Quarterly	LMS	CISO
Days Since Last Security Incident	Maximize	Continuous	Incident register	CISO

5.5 SaaS Service KPIs

KPI	Target	Measurement Frequency	Data Source	Owner
Service Availability (Uptime)	≥ 99.9%	Real-time/Monthly	Monitoring system	SaaS Operations Lead
Incident Response Time (Critical)	< 15 minutes	Per incident	Ticketing system	SaaS Operations Lead
Incident Resolution Time (Critical)	< 4 hours	Per incident	Ticketing system	SaaS Operations Lead
Incident Response Time (High)	< 1 hour	Per incident	Ticketing system	SaaS Operations Lead
Incident Resolution Time (High)	< 24 hours	Per incident	Ticketing system	SaaS Operations Lead
Change Success Rate	≥ 95%	Monthly	Change management system	SaaS Operations Lead
Customer Support Satisfaction	≥ 4.5/5	Per ticket	Support survey	Support Lead
Mean Time to Detect (MTTD)	< 5 minutes	Monthly	Monitoring system	SaaS Operations Lead
Mean Time to Resolve (MTTR)	< 2 hours (P1)	Monthly	Ticketing system	SaaS Operations Lead
API Response Time (95th percentile)	< 200ms	Real-time	Application monitoring	SaaS Operations Lead

6. Monitoring and Measurement Process

6.1 Step 1: Define What to Measure

Inputs:

Strategic objectives and targets
Process performance requirements
Customer requirements and SLAs
Legal and regulatory requirements
Risk assessment results
Stakeholder expectations

Activities:

Identify Critical Success Factors
- What must go right for success?
- What are the most important outcomes?
Select Appropriate KPIs
- SMART criteria: Specific, Measurable, Achievable, Relevant, Time-bound
- Balance leading and lagging indicators
- Ensure alignment with objectives

Define Measurement Criteria

Element	Description
KPI Name	Clear, descriptive name
Definition	What exactly is being measured
Formula	How is it calculated
Target	Desired performance level
Threshold	Minimum acceptable level
Frequency	How often is it measured
Data Source	Where does data come from
Owner	Who is responsible
Review Frequency	How often is KPI itself reviewed

Document in KPI Register
- All KPIs documented in KPI Register (SW-IMS-REG-004)
- Approved by IMS Owner and relevant leads

6.2 Step 2: Collect Data

Data Collection Methods:

Method	When to Use	Examples
Automated Collection	High-frequency, system-generated data	Server uptime, transaction volumes, energy meters
Manual Recording	Periodic observations, inspections	Office waste audits, training records
Surveys	Subjective feedback, satisfaction	Customer NPS, employee engagement
Interviews	Qualitative insights	Customer feedback sessions, exit interviews
Inspections/Audits	Compliance verification	Internal audits, process audits
Logs and Registers	Event recording	Incident logs, complaint registers, risk registers

Data Quality Requirements:

Data must be:

Accurate: Free from errors
Complete: All required data captured
Consistent: Collected using same method each time
Timely: Available when needed for decision-making
Relevant: Directly related to what's being measured
Valid: Measures what it's supposed to measure

Responsibilities:

Role	Responsibility
KPI Owner	Define data collection method, ensure data quality
Data Collector	Collect data according to procedure, record accurately
IMS Owner	Audit data collection processes, maintain KPI Register

Data Storage:

Centralized data repository (e.g., SharePoint, database, data warehouse)
Version-controlled and backed up
Access-controlled based on data classification

6.3 Step 3: Analyze Data

Analysis Techniques:

Trend Analysis

Plot data over time
Identify patterns: improving, stable, declining
Determine rate of change
Forecast future performance

Statistical Analysis

Calculate mean, median, mode
Determine standard deviation and variance
Identify outliers
Perform correlation analysis

Comparative Analysis

Compare to targets and thresholds
Compare to previous periods
Benchmark against industry standards
Compare across locations or teams

Root Cause Analysis (if performance is off-target)

Use 5 Whys, Fishbone diagrams (see SW-IMS-PRO-003)
Identify contributing factors
Link to process weaknesses or external factors

Analysis Frequency:

Data Type	Analysis Frequency	Responsible
Real-time metrics	Continuous (automated alerts)	System/Operations
Daily metrics	Weekly	KPI Owner
Weekly metrics	Monthly	KPI Owner
Monthly metrics	Quarterly	KPI Owner + IMS Owner
Quarterly metrics	Per quarter + annually	Management Team
Annual metrics	Annually	Management Team

Tools:

Dashboards (Power BI, Tableau, Grafana)
Spreadsheets (Excel, Google Sheets)
Statistical software (if needed)
IMS platform analytics

6.4 Step 4: Evaluate Performance

Evaluation Questions:

Are we meeting targets?
- Compare actual performance to targets
- Identify gaps
Are we improving?
- Compare to previous periods
- Assess trend direction
Are we compliant?
- Check against legal/regulatory requirements
- Verify SLA compliance
Are processes effective?
- Assess if processes achieve intended results
- Determine if objectives are being met
Are processes efficient?
- Evaluate resource utilization
- Identify waste or inefficiencies
What are the risks?
- Identify performance-related risks
- Assess likelihood of continued underperformance

Evaluation Outcomes:

Outcome	Definition	Action Required
Exceeding Target	Performance significantly above target	Understand why; consider raising target; share best practices
Meeting Target	Performance at or near target	Maintain; monitor for changes
Below Target	Performance below target but above threshold	Investigate causes; plan improvements
Below Threshold	Performance below minimum acceptable	Immediate corrective action required (SW-IMS-PRO-003)
Negative Trend	Declining performance over time	Investigate; plan corrective actions

6.5 Step 5: Report and Communicate

Reporting Structure:

Operational Dashboards (Real-time/Daily)

Audience: Operations teams, process owners
Content: Current performance, alerts, operational metrics
Format: Visual dashboards (monitors, web)
Frequency: Continuous/Real-time

Management Reports (Monthly/Quarterly)

Audience: Department heads, management team
Content: KPI summary, trends, issues, actions
Format: Executive summary with supporting details
Frequency: Monthly or quarterly
Includes:
- Performance summary (RAG status: Red/Amber/Green)
- Key trends and insights
- Variances from targets with explanations
- Actions taken or planned
- Resource needs

Management Review Input (Quarterly/Annual)

Audience: Top management, certification auditors
Content: Comprehensive performance review
Format: Formal management review report
Frequency: Quarterly minimum
Includes:
- All strategic KPIs
- IMS effectiveness assessment
- Progress on objectives
- Compliance status
- Improvement opportunities

Communication Channels:

Email reports
Dashboard links
Team meetings
Management review meetings
Town halls (for organizational-level results)
Intranet/IMS platform

RAG Status Indicators:

Status	Color	Criteria
Green	🟢	Performance meets or exceeds target
Amber	🟠	Performance below target but above threshold; requires attention
Red	🔴	Performance below threshold; immediate action required

6.6 Step 6: Take Action

Action Decision Logic:

Is performance meeting target?
├── YES → Continue current approach
│         Monitor for changes
│         Share best practices
│
└── NO → Is performance above threshold?
          ├── YES (Amber) → Investigate causes
          │                 Plan improvements
          │                 Monitor closely
          │                 Implement enhancements
          │
          └── NO (Red) → Initiate Corrective Action (SW-IMS-PRO-009)
                        Escalate to management
                        Implement immediate actions
                        Root cause analysis

Types of Actions:

Performance Situation	Action Type	Procedure
Consistently exceeding target	Optimization, best practice sharing	Continual Improvement (SW-IMS-PRO-010)
Meeting target	Maintain, monitor	This procedure
Below target (Amber)	Improvement initiative	Continual Improvement (SW-IMS-PRO-010)
Below threshold (Red)	Corrective action	Corrective Action (SW-IMS-PRO-009)
Negative trend	Proactive intervention	Risk Assessment (SW-IMS-PRO-002)

Action Tracking:

Actions logged in Action Register
Assigned to owners with deadlines
Tracked to completion
Effectiveness verified

7. Customer Satisfaction Monitoring

7.1 Customer Satisfaction Methods

Method	Frequency	Target Audience	Metric
Net Promoter Score (NPS) Survey	Quarterly	All active customers	NPS ≥ 50
Post-Project Survey	After each project	Project customers	Satisfaction ≥ 8/10
Quarterly Business Review (QBR)	Quarterly	Key accounts	Qualitative feedback
Customer Complaints	Ongoing	All customers	< 5 per quarter
Customer Retention Rate	Quarterly	All customers	≥ 95%
Support Ticket Satisfaction	Per ticket (optional)	Support users	≥ 4.5/5

7.2 NPS Survey Process

Step 1: Send Survey

Quality Lead sends NPS survey quarterly (Jan, Apr, Jul, Oct)
Survey includes:
- NPS question: "How likely are you to recommend Swedwise to a colleague or friend?" (0-10 scale)
- Follow-up: "What is the primary reason for your score?"
- Optional: Specific service feedback

Step 2: Calculate NPS

Promoters (9-10): Enthusiastic advocates
Passives (7-8): Satisfied but unenthusiastic
Detractors (0-6): Unhappy customers

Formula: NPS = % Promoters - % Detractors

Example:

100 responses: 60 Promoters, 30 Passives, 10 Detractors
NPS = 60% - 10% = 50

Step 3: Analyze Feedback

Review open-ended comments
Categorize themes (service quality, communication, value, etc.)
Identify trends

Step 4: Follow Up

Contact Detractors within 5 business days
Understand concerns and address issues
Convert to Corrective Action if needed

Step 5: Report

Include in quarterly management report
Share with leadership team
Communicate results to organization (anonymized)

7.3 Complaint Handling

Covered by separate Customer Complaint Procedure (when created).

Link to Monitoring:

All complaints logged in Complaint Register
Complaint metrics tracked as KPIs
Trends analyzed quarterly
Root causes addressed via Corrective Action Procedure

8. Environmental Performance Monitoring

8.1 Significant Environmental Aspects

Monitor aspects identified in Risk Assessment Procedure (SW-IMS-PRO-002):

Aspect	Monitoring Method	Frequency	Owner
Office energy consumption	Energy bills (kWh)	Quarterly	Environmental Lead
Business travel emissions	Travel booking system, carbon calculator	Quarterly	Environmental Lead
Remote work rate	HR system	Monthly	HR Lead
Paper consumption	Office supplies log	Quarterly	Office Manager
E-waste	Disposal records	Annual	Environmental Lead
Cloud infrastructure energy	Provider reports	Quarterly	SaaS Operations Lead

8.2 Carbon Footprint Calculation

Scope 1: Direct emissions (minimal for Swedwise - no company vehicles)
Scope 2: Indirect emissions from purchased energy (office electricity)
Scope 3: Other indirect emissions (business travel, cloud services, commuting)

Calculation:

Use emission factors from reputable sources (IEA, DEFRA, EPA)
Convert activities to CO2 equivalents (CO2e)
Report annually in tonnes CO2e

Target: -5% YoY reduction

8.3 Compliance Monitoring

Track legal register for environmental requirements
Verify compliance quarterly
Document compliance evidence
Report violations immediately

9. Information Security Performance Monitoring

9.1 Security Incident Tracking

All security incidents logged and tracked:

Incident Severity	Response Time Target	Resolution Time Target	Escalation
Critical	15 minutes	4 hours	Immediate to CISO + Management
High	1 hour	24 hours	CISO
Medium	4 hours	5 business days	IT Manager
Low	1 business day	10 business days	IT Manager

Metrics:

Number of incidents by severity
Average response/resolution time
Incident recurrence rate
Trends by incident type

9.2 Vulnerability Management Monitoring

Vulnerability scans: Monthly
Patch compliance: Weekly tracking
Metrics:
- Number of vulnerabilities by severity
- Mean time to patch (critical, high, medium)
- Patch compliance rate

9.3 Access Management Monitoring

Quarterly access reviews (100% completion)
MFA adoption rate
Privileged account usage logs
Failed login attempts

9.4 Security Awareness Monitoring

Training completion rate (100% annually)
Phishing simulation click rate (< 5%)
Security incident reports from staff (encourage reporting)

10. SaaS Service Performance Monitoring

10.1 Real-Time Monitoring

Tools:

Application Performance Monitoring (APM)
Infrastructure monitoring (servers, network, databases)
Log aggregation and analysis
Synthetic transaction monitoring
User experience monitoring

Automated Alerts:

Service downtime
Performance degradation (response time, error rate)
Security threats
Capacity thresholds
Failed backups

On-Call Rotation:

24/7 coverage for critical systems
Escalation procedures defined
Response time targets enforced

10.2 SLA Reporting

Monthly SLA Report:

Uptime percentage (target ≥ 99.9%)
Incident summary (count, severity, resolution)
Performance metrics (response time, throughput)
Planned downtime (maintenance windows)
SLA compliance status
Service credits issued (if applicable)

Distribution:

SaaS customers (monthly)
Internal management (monthly)
Compliance records (retained)

11. Inputs and Outputs

Inputs

Strategic objectives and targets
Process definitions and requirements
Customer requirements and SLAs
Risk assessment results
Audit findings
Previous performance data
Industry benchmarks
Stakeholder expectations

Outputs

KPI Register (SW-IMS-REG-004)
Performance data and metrics
Dashboards and reports
Management review input
Corrective action requests (if performance issues)
Improvement opportunities
Objective evidence of IMS effectiveness
Compliance evidence

12. Roles and Responsibilities

Role	Responsibilities
IMS Owner	- Maintain this procedure and KPI Register - Coordinate monitoring and measurement activities - Compile management review input - Monitor overall IMS performance - Identify performance gaps and improvement opportunities - Report to Management Team
KPI Owners	- Define their KPIs and measurement criteria - Ensure data collection and quality - Analyze performance data - Report performance to IMS Owner - Initiate actions for underperformance - Review and update KPIs as needed
Data Collectors	- Collect data according to procedures - Ensure data accuracy and timeliness - Record data in designated systems - Report collection issues to KPI Owner
Management Team	- Review performance in management review - Set and approve targets - Allocate resources for improvement - Make strategic decisions based on data
Quality Lead	- Own quality KPIs - Monitor customer satisfaction - Coordinate customer surveys - Report quality performance
Environmental Lead	- Own environmental KPIs - Monitor environmental aspects - Calculate carbon footprint - Report environmental performance
CISO	- Own information security KPIs - Monitor security metrics - Analyze security incidents and trends - Report security performance
SaaS Operations Lead	- Own SaaS service KPIs - Monitor service availability and performance - Report SLA compliance - Manage monitoring tools
All Employees	- Provide data when requested - Use data to improve their work - Report performance issues - Participate in surveys

13. Records to Maintain

Record	Retention Period	Location	Owner
KPI Register (SW-IMS-REG-004)	Current + 3 years	IMS Repository	IMS Owner
Performance data and metrics	5 years	Data repository	KPI Owners
Dashboards and reports	3 years	IMS platform	IMS Owner
Customer satisfaction surveys	5 years	Survey platform / CRM	Quality Lead
SLA reports	7 years (contractual)	Customer portal / archive	SaaS Operations Lead
Environmental monitoring data	7 years (legal requirement)	Environmental records	Environmental Lead
Security incident metrics	7 years	Security incident register	CISO
Management review inputs	5 years	Management review records	IMS Owner

SW-IMS-POL-001 - Integrated Management System Policy
SW-IMS-PRO-002 - Risk Assessment Procedure
**SW-IMS-PRO-009 - Corrective Action Procedure
**SW-IMS-PRO-010 - Continual Improvement Procedure
**SW-IMS-PRO-011 - Context and Interested Parties Procedure
SW-IMS-PRO-XXX - Management Review Procedure (when created)
SW-IMS-PRO-XXX - Customer Complaint Procedure (when created)
SW-IMS-REG-004 - KPI Register

15. Continuous Improvement

This procedure is subject to continuous improvement:

KPIs reviewed annually for relevance
Data collection methods optimized based on efficiency
Dashboards enhanced based on user feedback
Automation increased where feasible
Benchmarking against industry standards

Suggestions for improvement should be submitted using the Improvement Suggestion Form (SW-IMS-FRM-002).

Appendix A: KPI Definition Template

Use this template when defining a new KPI:

Element	Description
KPI Name	Clear, descriptive name
KPI ID	Unique identifier (e.g., KPI-QMS-001)
Category	Strategic / Quality / Environmental / Security / SaaS / Financial / Process
Objective Alignment	Which strategic objective does this support?
Definition	What exactly is being measured?
Formula	How is it calculated? (include units)
Target	Desired performance level
Threshold	Minimum acceptable level
Baseline	Starting point or historical average
Data Source	Where does data come from?
Collection Method	Automated / Manual / Survey / Inspection
Collection Frequency	How often is data collected?
Analysis Frequency	How often is data analyzed?
Reporting Frequency	How often is it reported?
Owner	Who is responsible for this KPI?
Audience	Who needs to see this KPI?
Related KPIs	Which other KPIs are related?
Review Date	When will KPI definition be reviewed?

Appendix B: Performance Dashboard Example

Swedwise IMS Performance Dashboard (Example)

Strategic Overview (Q2 2025)

KPI	Target	Actual	Status	Trend
Customer Satisfaction (NPS)	≥ 50	58	🟢	↗️
SaaS Uptime	≥ 99.9%	99.95%	🟢	→
Revenue Growth (YoY)	+10%	+12%	🟢	↗️
Carbon Footprint Reduction	-5% YoY	-3%	🟠	↗️
Security Incidents (Major)	< 2/year	0 YTD	🟢	→

Quality Performance

KPI	Target	Actual	Status
Customer Complaints	< 5/quarter	3	🟢
On-Time Delivery	≥ 90%	94%	🟢
Service Quality Score	≥ 8/10	8.3	🟢
Project Budget Variance	±10%	+5%	🟢

Environmental Performance

KPI	Target	Actual	Status
Energy Consumption	-3% YoY	-2%	🟠
Travel Emissions	-5% YoY	-4%	🟠
Remote Work %	≥ 60%	68%	🟢

Information Security Performance

KPI	Target	Actual	Status
Security Incidents (Major)	< 2/year	0 YTD	🟢
MFA Adoption	100%	98%	🟠
Phishing Click Rate	< 5%	3%	🟢
Vulnerability Patching (Critical)	< 7 days	4 days avg	🟢

Document Control

Version	Date	Author	Changes
1.0	[TBD]	[Author]	Initial release

Approval

Role	Name	Signature	Date
IMS Owner
Management Team Representative