Review and update the risk treatment plan and the Statement of Applicability.Assess the information security risks and determine the information security controls that should be implemented.Conduct a gap analysis to understand your existing system and determine the changes required to fulfill the requirements of the new edition of the standard.
Organizations can prepare for the transition by taking the following steps: