Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
GLOSSARY
ISO 27001
Information Security Management System (ISMS)

What is an Information Security Management System (ISMS)?

An Information Security Management System (ISMS) establishes a systematic approach to managing an organization’s information security. As a documented management system, ISMS provides a set of security controls a company can record in policies, procedures, and other kinds of documents; it may also consist of established processes and technologies that are not documented. The ISO 27001 standard defines which documents must exist at a minimum. 


Implementing an ISMS provides a structured approach to integrating information security into an organization’s business processes. Helping to manage and minimize risks to acceptable levels increases the organization’s resiliency against evolving security threats and ensures the confidentiality, integrity, and availability of organizational and customer information. 


In any implementation, companies need to define and document a risk assessment method and state the protection of specific business assets. The scope of an organization’s ISMS can be as small or as large as is necessary; the ISMS can cover part of an organization, such as a specific function or service or the entire organization.

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.