
A Study of the Awareness and Implementation of Establishing an ISMS: The Case of a Department of Health Hospital

A case study for the knowing and implementation to build up ISMS

Advisor: 龐金宗

Abstract


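The 21st century is characterized by informatization, digitization and networking. It has entered an information age centered on the network, which has further opened up the flow between people. As every industry applies information technology widely, information security has expanded into comprehensive protection of the confidentiality, integrity, availability, authenticity, accountability, non-repudiation and reliability of information. The British Standards Institution (BSI), an international standards body, proposed BS 7799 Information Security Management Systems (ISMS) in 1995. Its latest revision was completed in 2005 and was formally adopted by the International Organization for Standardization (ISO) as ISO 27001:2005, the requirements standard for information security management systems, which is currently the most complete internationally recognized information security management standard. This study selects a B-grade Department of Health regional hospital in the northern region which, under the grading policy, must pass third-party certification before ROC year 97 (2008). Using literature analysis and complete participant observation, with the case organization as the object of observation, the study analyzes the organization's understanding and awareness of the importance of establishing an ISMS and examines in depth the implementation process during the period in which the ISMS was established. The resulting data are entered into the analysis software (MSAT) to give a rough assessment of the organization's overall security posture, and on that basis the study offers recommendations for the organization to maintain and improve its ISMS.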

Parallel Abstract


The 21st century is characterized by information, digitization and networking. It has ushered in an information era whose core is the network, which opens the gate of information between people. With the widespread use of information technology, information security is required to provide overall protection in every aspect of application. The British Standards Institution (BSI) proposed the Information Security Management Systems (ISMS) standard, coded BS 7799, in 1995. It was revised in 2005 and became an international standard, adopted by ISO as ISO 27001:2005, Specification for an Information Security Management System, which is the best standard of information security management in the world. A B-grade general hospital located in northern Taiwan is chosen as the subject of this case study. To meet the policy requirement, it is required to pass ISMS certification by 2008. The study adopts the literature analysis method and the complete participant observation method to analyze the implementation process. The research data are input into the analysis software MSAT to assess overall information security. Based on the results of the study, recommendations are made to the hospital on the maintenance and improvement of its ISMS.
