The organization must operate, maintain, and continuously develop a security management system.
The boundaries and scope, contents, role, cumulative implementation information and other necessary descriptive information related to the management system must be clearly documented.
The ISMS should monitor the implementation of the tasks and guidelines recorded therein.
The task owner should regularly review the implementation status of the ISMS as a whole.