This clause of the standard requires the organisation to decide and allocate the correct and sufficient resources to implement and operate the ISMS. The organisation must ensure that the required amount of resources should be available to establish, implement, maintain and continual improvement of the ISMS.