The purpose of an Information Security Management System (ISMS) is to systematically manage and protect a company's information through a set of policies, procedures, and controls. It helps ensure compliance with laws, reduces costs due to incidents caused by information compromise, and aligns information security activities with the strategic direction of the company.