Corrective (as a control type) describes controls that activate after a security incident has occurred. Their goal is to limit impact and restore normal operations. Examples include backup restoration, incident response procedures, and contingency plans. Corrective controls complement preventive controls (which prevent incidents) and detective controls (which detect incidents). In your ISMS, you assign each measure to one or more control types. A balanced mix of all three types is crucial: prevention alone is never sufficient, because not every incident can be prevented.