Expert Advice Community

Process in ISO 27001?

Guest user. Created: Jan 29, 2016. Last commented: Jan 29, 2016.

Antonio Jose Segovia Jan 29, 2016

My question is about opportunity in clause 6 of ISO 27k; it does not seem clear to me how to develop it.
Second, do we need to develop a process for our ISMS?

Answer:
I am sorry but I am not sure if I have understood your questions. Regarding clause 6, I suppose that you mean “6.1 Actions to address risks and opportunities”. If so, risks and opportunities are related to the objectives, and any action that you take that is related to the achievement of the security objectives, but is not related to the risk management, can be considered to be addressing the opportunities (an example related to an opportunity: your organization buys a cheap firewall which gives your organization the opportunity to reduce risks, but it can produce increased risks due to the low quality of the device). You can document such actions in your Management review minutes, corrective actions, or any other records or documents that you use in your company.

Regarding the process for your ISMS, again I am not sure what you mean, but really a process is a set of interrelated or interacting activities which transforms inputs into outputs, so in accordance with this you can define the process that you want to implement the ISMS (some examples: information security risk assessment process, risk treatment process, audit process, etc).

You can also see the implementation of the ISMS as a global process, so this free webinar can also be interesting for you: “ISO 27001: An overview of the ISMS implementation process”: https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/

And this article about objectives can be interesting for you: “ISO 27001 control objectives – Why are they important?”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

Finally, maybe our online course can also be interesting for you: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
