Organisations then put the ISMS into practice, adding policies, practices, and controls to deal with the risks that have been identified. This phase calls for a disciplined approach to make sure that all facets of information security are properly integrated. As the ISMS must be aligned with ISO 27001 requirements at this phase, using  ISO 27001 C