Secure Controls Framework
Download The SCF
ISO 27001

What is an Information Security Management System (ISMS)?

Direct Answer

An ISMS is a systematic approach to managing sensitive information so that it remains secure. Under ISO 27001, an ISMS includes policies, processes, organizational structures, and tools for managing information security risks. It is defined by the organization's scope, security objectives, risk assessment methodology, risk treatment plan, and applicable controls from Annex A.

Keep Exploring

Relevant Resources

References

Authoritative Sources