Clause 8 - Operation

Operation: This clause covers the day-to-day operation of the ISMS. It requires organisations to implement the controls identified in their risk treatment plan and to monitor and review the effectiveness of those controls. It also requires organisations to establish processes for incident management, business continuity, and regular testing and evaluation of the ISMS.