Assigning roles and responsibilities

Implementing a password policy

Building a set of documentation

Conducting a gap analysis

A grace period for fixes

No further action required

Automatic recertification

Immediate certification

Regularly improving and updating the ISMS

Ignoring new regulations

Conducting only external audits

Focusing solely on password policies

To finalize the certification process

To eliminate all documentation

To compare current ISMS against new standards

To create new policies

Only the password policy

All relevant documentation

Just the ISMS manual

Only the risk assessment

Focusing only on external audits

Creating a new ISMS manual

Conducting internal audits

Ignoring the effectiveness matrix

Effectiveness matrix

ISMS manual

Risk policy

Statement of applicability