correctness, The purpose completeness, of this review and potential is to support for improvemen This document offers guidance on how to review and assess information security controls being managed through an Information Security Management System specified by ISO/IEC It is