“The organisation shall establish, implement, maintain and continually improve an information security management system, in accordance with the requirements of this International Standard.”
In the sections above we defined what is needed for an ISMS and the final step in setting up an ISMS plainly mandates the organisation to establish, implement, maintain and continually improve its ISMS. Its critical to understand that the ISMS is an ongoing programme which needs constant proactive management and updating.