6.2 Information security objectives

Clause 6.2 requires the organization to establish information security objectives that align with its security policy and strategic direction, are measurable, achievable and based on identified risks and opportunities. These objectives must be documented, communicated, monitored and regularly reviewed for effectiveness.