
4. Context
4.1. Understanding the organization and its context
     How external and internal issues affect the intended outcome of the ISMS
4.2. Understanding the needs and expectations of interested parties
     Determine who the interested parties are and what they require from the ISMS
4.3. Determining the scope
     Determine the boundaries of the ISMS based on external and internal issues,
     the requirements of interested parties, and the relationship with the
     activities of other organizations
4.4. ISMS
     Establish, implement and continually improve the ISMS
5. Leadership
5.1. Leadership and commitment
     a. Policy and objectives in line with strategic objectives
     b. Integrate the ISMS with the organization's processes
     c. Availability of resources
     d. Communicating the importance of information security
     e. Ensure the intended outcome is achieved
     f. Direct and support people
     g. Continual improvement
     h. Support other management roles
5.2. Policy
     a. Appropriate to the organization
     b. Includes IS objectives
     c. Commitment to satisfy IS requirements and to continual improvement
     d. Available as documented information, communicated within the
        organization, and also available to interested parties
5.3. Organizational roles and responsibilities
     a. Ensure roles and responsibilities are assigned so that the ISMS
        conforms to the International Standard
     b. Report ISMS performance to top management
6. Planning
6.1. Actions to address risks and opportunities
6.1.1. General
     a. Ensure the intended outcome can be achieved, avoid undesired effects,
        achieve continual improvement
     b. Plan actions to address risks, how to integrate them into ISMS
        processes, and how to evaluate their effectiveness
6.1.2. Risk assessment
     a. Establish risk criteria
     b. Ensure risk assessments produce consistent results
     c. Use the assessment to identify risks and their risk owners
     d. Analyze risks in terms of likelihood, consequence and resulting
        level of risk
     e. Evaluate risks against the risk criteria
6.1.3. Risk treatment
     a. Treatment options, controls and treatment plan
6.2. IS objectives and plans to achieve them
     a. Consistent with the policy, measurable, updated and communicated
7. Support
7.1. Resources
7.2. Competence
     a. Competence based on qualifications; actions to improve competence;
        documented information retained as evidence
7.3. Awareness
     a. IS policy, each person's contribution to the ISMS, and the implications
        of not conforming
7.4. Communication (internal and external)
7.5. Documented information
7.5.1. General
     a. Documented information required for IS and for the effectiveness of
        the ISMS
7.5.2. Creating and updating
     a. Identification and description, format, review and approval
7.5.3. Control of documented information
     a. Available and suitable for use, adequately protected
     b. Distribution, retrieval, use, storage and preservation
8. Operation
     Operational planning and control, risk assessment and risk treatment
9. Performance evaluation
9.1. Monitoring, measurement, analysis and calculation
9.2. Internal audit
9.3. Management review
10. Improvement
10.1. Nonconformity and corrective action
     a. React to the nonconformity
     b. Evaluate the need for action to eliminate its cause
     c. Implement the action
     d. Review the effectiveness of the corrective action
     e. Make changes to the ISMS where necessary
     f. Retain documented information
10.2. Continual improvement of the suitability, adequacy and effectiveness of
      the ISMS
