Planning
1) Risk assessment.
2) Risk treatment.
3) Statement of Applicability (SoA).
4) Implementation of controls.
5) Information security objectives and planning to achieve them.
6) Resources, roles, responsibilities, and authorities.
7) Awareness and training.
8) Communication.
9) Documentation.
10) Operational planning and control.