ISMS is not a standalone concept. It has its derivatives from various different international bodies and standards, Included ISO 17799/BS17799 - ISO17799 which are for the IT security industry, and ISO 9000 which is for the TQM industry. Effective factors on ISIM are classifiable as two general categories of soft and hard. Analyzing the current security conditions of information and a detailed overall view of it is essential to practically stabilize a successful ISMS. Thus, the project’s main goal is to identify and prioritize the effective parameters to reach a better stage of planning and focus.The Statistical society of this study is academic experts, managers, and employees of IT department. In this study, the social security organization (SSO) branches in the province of Guilan is case study, and FAHP is used for analyzing the data. The results showed that soft factors, i.e., management, cultural & social factors, are more important than hard factors, i.e., technical, technological & financial factors, in ISMS, and management factors are also most important than the two other factors, ie cultural & social factors.