The process concentrates on control and organisation of Security Management:
* Delegation of responsibilities in the range of information security
* Method how to prepare security plans
* Method how to implement security plans
* Method how to evaluate security plans
* Method how to take into consideration results of security plans (plans what measures to take)
* Method of reporting to customers (together with Service Level Management).