An information security management system (ISMS) is a framework of policies and controls that manage information security and risks systematically across your entire enterprise. These security controls can follow common security standards or be more focused on your industry.
Major Components of an ISMS
- Scope and boundaries.
- Information classification.
- Risk Management Methodology.
- Risk Treatment.
- Statement of Applicability.
- Incident Handling.
- Physical Security.
- Controls that meet the organisation's business activity.