ISMS – Information Security Management System
An Information Security Management System (ISMS), like a Quality Management System, defines processes and guidelines that companies use to ensure their information security. According to the German Federal Office for Information Security (BSI), the main pillars of an effective ISMS are the privacy, integrity and availability of information. The ISMS is defined by the standard ISO/IEC 27001 and applied in ISO/IEC 27002 (realized in Germany in DIN NIA-01-27). Additionally, a separate program called ISIS12 (Information Security Management in 12 Steps) was developed in Germany for small and medium-sized enterprises that do not have the resources to implement an ISMS.