High-level management creates, initiates, or implements the approach. This approach implements data security through instructional procedures, the creation of an information security policy, and the monitoring of procedures. The priority and responsibility for project activities are assumed by high-level management. High-level managers receive help from other information security system professionals.
The next step is to adopt a methodology for implementing the ISMS. ISO 27001 recognizes that “a process-based approach to continuous improvement is the most effective model for managing information security”. The main duty of these people is to protect the information system using their experience, knowledge, education and training to build a highly safe.