
A Study of the Impact of Implementing an ISMS on Organizations

A Study of the Effectiveness of Implementing the ISMS on Organization

Advisor: 黃依賢

Abstract


ISO 27001 is the information security management standard adopted by the largest number of organizations worldwide today, and the best reference specification for implementing an Information Security Management System (ISMS). At present, 413 organizations in Taiwan have passed ISMS certification, ranking fifth globally. Since the passage of the Personal Data Protection Act, enterprises face the need to strengthen information security; moreover, hospitals and clinics that pass ISMS certification become eligible to apply for a fixed-amount electronic medical record subsidy. Both factors will drive substantial growth in the number of organizations implementing an ISMS. This study collected data through interviews and questionnaires and used descriptive statistics, analysis of variance and regression analysis to examine the impact of implementing an ISMS on organizations. The research subjects comprised 12 government agencies, 7 private enterprises and 5 academic institutions; 10 individuals were interviewed and 239 valid questionnaires were collected in total. The study found that the difficulties rated highest in implementing an ISMS were "implementing an ISMS adds extra workload", "insufficient manpower for implementing an ISMS" and "information security staff lack sufficient authority". The benefits rated highest were "enhancing the organization's reputation for maintaining information security", "raising the overall service value of government departments", "establishing standardized and documented information security operating procedures" and "raising members' awareness of information security standards and their information security competence". The critical success factors rated highest were "support and commitment of senior management", "project staff with information security competence", "active promotion by the information security team" and "continuous information security advocacy and training". Implementing an ISMS is the establishment of a management system; organizations should grasp the critical success factors and reduce the resistance encountered in order to obtain the greatest benefit. After implementation, they should continue to uphold the spirit of PDCA and keep improving and refining the ISMS so that the organization's information security becomes more complete.

Keywords

ISO 27001, ISMS, PDCA, Information Security

Parallel Abstract


ISO 27001 is the information security management standard most widely adopted by enterprises internationally, and is considered the specification to be applied to an ISMS. Currently, 413 agencies in Taiwan have gained ISMS certification, ranking No. 5 globally. As the Personal Data Protection Act was passed, enterprises are required to strengthen their own information security; hospitals and clinics also need to obtain ISMS certification in order to apply for a fixed subsidy when implementing electronic medical records. These factors will generate substantial growth in the number of organizations implementing an ISMS. This study collected data through interviews and questionnaires, and used descriptive statistics, ANOVA and regression analysis to examine the organizational impact of implementing an ISMS, covering 12 government agencies, 7 enterprises and 5 academic institutions. In this study, 10 interviews were conducted and 239 valid questionnaires were collected. We found that the top three difficulties in implementing an ISMS are "Increased workload", "Shortage of manpower" and "Lack of proper authority for the information security team". The top four benefits of implementing an ISMS are "Gain reputation for enhancing information security", "Raise value of governmental services", "Establish standardized and documented information security processes" and "Raise information security awareness and capabilities of organization staff". The top four critical success factors for implementing an ISMS are "Top management support and commitment", "Project team members with information security capabilities", "Proactive push by the information security team", and "Ongoing information security advocacy and training". The enterprise is able to establish a management system with the use of an ISMS. Therefore, enterprises should control the critical success factors and minimize the possible difficulties in order to gain more benefits. To attain more complete information security, carrying on PDCA and improving the ISMS will be the main factors.

Parallel Keywords

ISO 27001, ISMS, PDCA, Information Security

