
ISMS

Information Security Management System

The framework of policies, processes, roles, and controls an organisation uses to manage information-security risk in a systematic, repeatable way. ISO/IEC 27001 is the standard against which an ISMS is certified.

This definition is part of TCSA’s plain-English compliance glossary, written and reviewed by the auditors who prepare organisations for these frameworks (500+ audits delivered across India, USA, UK, Australia and UAE).


Related ISO terms

AIMS

The governance system defined by ISO 42001 for managing the risks and obligations that come with building or deploying AI. It sets out policies, roles, and controls so an organisation can show its AI is developed and operated responsibly.

Annex A Controls

The catalogue of 93 information-security controls listed in Annex A of ISO/IEC 27001:2022, grouped into organisational, people, physical, and technological themes. An organisation selects the controls relevant to its risks and records that choice in the Statement of Applicability.

ISO/IEC 27001

The leading international standard for an information security management system (ISMS), specifying requirements for establishing, operating, and continually improving information security. Certification is issued by an accredited certification body after a successful Stage 1 and Stage 2 audit.

ISO/IEC 27701

An extension to ISO/IEC 27001 that adds privacy-specific requirements and controls, turning an ISMS into a Privacy Information Management System (PIMS). It helps organisations demonstrate alignment with privacy laws such as GDPR and the DPDP Act.

ISO/IEC 42001

The first international management-system standard for artificial intelligence, published in 2023, defining requirements for an AI Management System (AIMS). It helps organisations govern AI responsibly and map to obligations such as the EU AI Act.

PIMS

The privacy-management framework established by ISO/IEC 27701, layered on top of an ISO 27001 ISMS. It adds the controls and accountability needed to manage personally identifiable information as a controller or processor.


Written By Expert Auditors

Surendra Pal Singh
Chief Information Security Officer & Data Protection Officer
CISO, DPO, CISA, MCSE, ITIL, ISO 27001 Lead Auditor, ISO 27701 Lead Auditor, ISO 42001 Lead Auditor

Saundhi Chauhan
Lead Auditor
ISO 27001 Lead Auditor, ISO 27701 Lead Auditor

Last reviewed: July 2026
Content verified by certified lead auditors
