What is Information Security Management System (ISMS)?

The ISMS includes the information assets, systems, technologies, people and processes, and policies that work together to protect an organization’s sensitive data. 

An ISMS protects data by:

• Identifying information assets that need to be protected
• Identifying risks to those information assets
• Implementing security controls to mitigate risks and protect information assets
• Establishing a data breach response plan
• Defining a process for monitoring and improving the ISMS over time