As the information technology prevail. Global trend, to import management methods to improve organizational efficiency and competitiveness is very important. In recent years, security incidents continue to occur, for the protection of information assets within maintain the computer operation, information security management system (ISMS) Is a set of effective control and management methods. Commonly it used ISO standard call ”ISO 27001”, for the organization to use of information, hardware, users and assets to achieve ”confidential” ”Integrity” and ”availability” This case-study is use a implement information security management system (ISO 27001) hospital. To analysis its organizational characteristics, policy, implement plan, with to appropriate cut a sub area teaching Hospital how to plan database security strategies and methods of mechanism clearly the management objectives and audit. 1. Ensure the implementation of core database operations to compliance with the relevant regulations and safety of data quality and promote the doctor-patient relationship 2. Ensure that the sensitive data internal control mechanisms for compliance the ISMS control mechanism