Information security objectives are required under clause Clause 6.2. The information security policy provides the framework for the objectives. Organizations should keep the objectives separate from the policy and review them at each management review (see clause 9.3).
Conformance1
Tools for conforming to standards, goals and processes
