Information Security Management System (ISMS)
The ISO 27001 standard evaluates an organization’s information security management system, or ISMS.
What is an Information Security Management System (ISMS)?
The ISMS includes the information assets, systems, technologies, people and processes, and policies that work together to protect an organization’s sensitive data.
An ISMS protects data by:
- Identifying information assets that need to be protected
- Identifying risks to those information assets
- Implementing security controls to mitigate risks and protect information assets
- Establishing a data breach response plan
- Defining a process for monitoring and improving the ISMS over time