The data center needs a protection both physically and logically to secure information system from any security attacks. Any information security threats like stealing of information, denial of service and unauthorized access can cause an adverse impact on the corporate either loss of revenue, reputation and trust from the customer. Implementing Information Security Management System (ISMS) can help to identify, manage and reduce any information security threats in the data center. One of widely accepted ISMS standard today is ISO 27001. However, to the best of our knowledge, there is no specific ISMS standard that is designed for the data center at this moment. Existing standards such as ISO 27001 are designed to provide general information security that can be applied to different environments. In this paper, we propose an ISMS framework that is specifically designed for the data center to manage the aspect of confidentiality, integrity, and availability of information security. It is an implementation of people, process, and technology concept in protecting information security in the data center. This framework is developed based on ISO 27001, Annex A standard. By implementing this ISMS framework, management could reduce information security threats in the data center and support organization business continuity.