The purpose of an Information Security Management System (ISMS) is to systematically manage and protect a company's information through a set of policies, procedures, and controls. It aims to ensure compliance with laws, reduce costs due to incidents caused by information compromise, and align information security activities with the strategic direction of the company.