Corrective actions includes implementing new controls, updating policies & procedures. Or organizations may need to revisit their risk assessment and treatment process to identify any missed risks. The context of organization controls look at demonstrating that you understand the organization