Context of the organization
1) Understanding the organization and its context.
2) Understanding the needs and expectations of interested parties.
3) Determining the scope of the ISMS.
4) ISMS risk assessment.
5) ISMS risk treatment.
6) Monitoring and reviewing the ISMS.