With increasing information technologies in an organisation there are established difficult information systems. There is tendency of organisations to safe important information, information of partnership organisations and customers information.
Information Security Management System (ISMS) provides overall model modifying risk assessment, plan and information security establishment, and information security management and information security reassessment.Plan and implementation of ISMS in an organisation is conditioned by needs and objectives of organisation activities and resultant requirements on security, used technologies, magnitude and organisation structure. ISMS ensure appropriate security controls, adequate information resources security and it ensures appropriate safety to customers and to other parties. BS 7799-2 Information Security Management Systems (ISMS) – Specification guideline for implementation – it is the standard which specifies requirements for implementation, establishment, operation, monitoring, research, maintenance and improvement of documented ISMS. It specifies requirements for establishment of a safety control, adapted according to needs of an organisation. The organisation declares the assurance of information security management system requirements by certification according to BS 7799-2.