An Information Security Management System (ISMS) is a set of policies and procedures designed to improve management of critical security assets such as financial information, intellectual property, employee details, or confidential third-party data. An ISMS is implemented by an organization to improve security and manage risk associated with its information assets, regardless of how the information is stored or transmitted.
The framework for an ISMS was first published by the British Standards Institution (BSI) in 1999 and was adopted by the International Organization for Standardization (ISO) in 2005. The standards established by these organizations focus on establishing and adhering to best practices for managing and protecting the confidentiality, integrity, and availability of an organization’s information and systems.
Information security breaches are increasing in frequency and severity across every industry, causing a range of negative impacts for businesses, their employees, and their customers. The 2014 Cost of Cyber Crime Study, a global study of U.S.-based companies by Ponemon Institute, reported the average cost of cyber crime climbed by 9% to $12.7 million in 2014, while the average time to resolve a cyber attack rose to 45 days, a 40% increase over 2013.
An ISMS defines the critical methodology for minimizing and eliminating security incidents, ensuring business continuity, protecting business investments and opportunities, reducing potential damages, and maintaining customer confidence. An effective ISMS provides a competitive advantage by maintaining a disciplined standard of management to ensure the safety of critical assets.
Information security is an essential factor in every service VMC provides to our clients. VMC established its ISMS in 2011, obtained ISO/IEC 27001:2005 certification in 2013, and became one of only 566 U.S. companies to earn ISO/IEC 27001:2013 in 2014. To maximize quality and control, VMC is audited against the standard twice per year, once by our internal audit team and once by the certificate issuer, BSI.
VMC cultivates a culture in which information security training and awareness are part of our daily mindset. From the visible, vocal commitment of VMC leadership to individual ownership and accountability of each project, every employee has a role and a responsibility in ensuring the security and integrity of our clients’ information.