The objective of the member project for Information Security Management was to gather and share best practices for implementing and running an Information Security Management System (ISMS), so that ENCS members can adopt and benefit from these best practices. This word document gives the key findings from ENCS member experiences in implementing their ISMS and advice on how to avoid the pitfalls while establishing and maintaining an ISMS.