In an era of globalization, the technology has allowed to boost the development of companies, achieve operational efficiencies and reach markets and customers that had never before been thought, data and information become one of the most important assets in organizations. But are exposed to new risks, threats and vulnerabilities that can affect the security of these assets. The objective of this document is to present a model of an information security management system, aligned with the norm NTC-ISO-IEC 27001: 2013, that applies to any organization, and that allows them to know their current status with respect to to the security of the information, and implement the controls, procedures and policies necessary to preserve the integrity, confidentiality and integrity of the information assets. This model is applied to an organization Geoconsult CS, which provides technical information management and administration services in the hydrocarbon sector. The results and the data obtained from the application of the model in this organization were very successful, allowing Geoconsult CS to know and analyze the current state of the organization according to the requirements and control and control objectives of the standard, analyze its context organizational, define its security structure, information security policies and the resources necessary to certify its management system. Additionally, information assets, technical vulnerabilities and risks applied to all processes were identified.