An Information Security Management System (ISMS) is a framework for managing sensitive company information to ensure its security. It involves implementing policies and controls to assess risks to information security, manage risks, and ensure continuous improvement of the security system. The goal of an ISMS is to maintain the confidentiality, integrity and availability of a company's information assets.