Organisations then put the ISMS into practice, adding policies, practices, and controls to deal with the risks that have been identified.This phase calls for a disciplined approach to make sure that all facets of information security are properly integrated. As the ISMS must be aligned with ISO 2700