The information security management process according to ISO / IEC 27001 is a process of protecting information assets. It is implemented by organizations aware of the fact that information is a strategic component of their business.
Information Security Management System can be implemented in organizations of all sizes, regardless of the nature and specifics of their activities. It is based on a process approach and can be integrated with other management systems (e.g. quality management, environmental management, business continuity management).