Describes the new requirements and gives fresh insights into understanding management systems in general and ISMSs in particular and provides advice on risk assessment and risk treatment, a clear explanation of the purpose of the 'Statement of Applicability' (SOA) and advice on determining controls in practice.