I owe you a lot and thank you for your informative website. I have a question that baffling my mind. What is a Security Master Plan? Is it relevant to ISMS or 27001? Do we need it during Implementation? Could you explain it to me? I always hear in workgroups that where is your Security Master Plan? And I said we implement controls from ISO 27001 and this is enough. Am I right?