Information Security Management System
The overall framework of policies, processes, and controls an organization uses to manage information security in a systematic way. It is the core concept behind ISO/IEC 27001, which certifies that an organization runs an ISMS with risk assessment, management commitment, and continual improvement. Having a certified ISMS is a common requirement in vendor security reviews.