Operation
1) Nonconformity and corrective action.
2) Continual improvement.
3) Information security objectives.
4) Management review.
5) Internal audit.
6) Monitoring and measurement.
7) Evaluation of compliance.
8) Corrective and preventive actions.