ISMS an information security management system 

is a systematic approach to establish, implement, operate, monitor, review, maintain and continuously improve the state of information security of an organisation. 

Its objective is to protect the information assets, such that the operational and safety objectives of an organisation can be reached in a risk-aware, effective and efficient manner.

Generally speaking, an ISMS establishes an information security risk management process, based upon the results of information security impact analyses, which basically determine its scope

https://www.easa.europa.eu/en/regulations/information-security