15. Interested Parties Information Security Requirements & Expectations PLAN Establish ISMS CHECK Monitor & Review ISMS ACT Maintain & Improve Management Responsibility ISMS PROCESS PDCA Process Interested Parties Managed Information Security DO Implement & Operate the ISMS
16. Information Security Policy Organisation of Information Security Asset Management Human Resource Security Physical Security Communication & Operations Management Access Control System Development & Maintenance Incident Management Business Continuity Planning Compliance Confidentiality Integrity Availability