6.1 Actions to address risks and opportunities

Clause 6.1 requires the organization to identify security risks and opportunities, determine appropriate actions to mitigate those risks and capitalize on the opportunities, and integrate those actions into its security management system. The actions must be documented, implemented, monitored and periodically reviewed for effectiveness and continual improvement.