
information security management system (ISMS)

An information security management system (ISMS) certified according to the ISO 2700x series of standards meets the requirements for qualified security management. Such an ISMS, consisting of guidelines, measures and tools, controls specific IT risks and guarantees the required IT security.

An ISMS with a process-oriented approach forms the basis for the company and its positioning with regard to information security. Such an approach should define the importance, requirements and goals of information security. Furthermore, the effectiveness of the ISMS should be checked and the system should be continuously improved in a traceable manner. In this process-oriented approach, each activity that uses resources can be considered a process, and each process can form the input for the following process.

An ISMS must be implemented at all hierarchical levels of a company and must be supervised by responsible persons. The implementation of such a system reflects the organization with its business requirements. The ISO 2700x series of standards covers the subject of ISMS, with ISO 27001 addressing certification requirements and ISO 27003 providing guidance on the development and implementation of an ISMS.

English: information security management system - ISMS
Updated at: 09.04.2013

All rights reserved DATACOM Buchverlag GmbH © 2024