A macro is a small program embedded in documents (e.g., Word or Excel files) that automates repetitive tasks. Attackers frequently abuse macros to deliver malware by sending documents that prompt the user to enable macro execution. The typical attack chain starts with a phishing email containing a macro-laden attachment. Microsoft now blocks macros from internet-sourced files by default, which has significantly reduced this attack vector. In your ISMS, you should define a clear policy on which macros are permitted and how code-signed macros are handled.