ISO 27001 Information Security Management System

What Is ISO 27001 Information Security Management System?
Information is one of the most important values of an organization to ensure business continuity. Many assets can be compensated, in case they are lost; but information has not any monetary equivalent. Therefore, the importance of information and the necessity of information protection gradually increases in today’s changing and developing conditions. Information can be used and stored in electronic media in written as well as in memories of employees verbally and many other forms. Most of these modes of use may not be used or may be changed over time due to technological advances. The security of the information should be continuously questioned and controlled because of this change and advance. Information security it that confidentiality, integrity and availability of information shall be protected.

ISO 27001 Information Security Management System is a management system that includes people, processes and information systems to ensure corporate information security and is supported by the top management. It has been designed to protect the assets of information and to provide adequate and proportional security controls that give confidence to the relevant parties. The ISO 27001 Information Security Management System includes corporate structure, policies, planning activities, responsibilities, implementations, procedures, processes and resources.

Why Is ISO 27001 Required?
It is a globally accepted approach towards the fact that it is impossible for an organization to maintain information security and business continuity through only technical measures, but also certain measures and audits such as ISMS are required for this purpose. The top management and all personnel should support and implement the security policies that shall be created within the framework the ISMS. In addition, the fact that all individuals and organizations in cooperation shall behave concordantly with these policies is a factor that increases the security.

What Are The Benefits of ISO 27001 Information Security Management System?

  • Provides accurate, reliable and valid information.
  • Prevents over workload and unnecessary loss of time.
  • Minimizes risks.
  • Ensures business continuity.
  • Provides confidentiality of information asset to be protected.
  • Raises awareness on how information systems and their weaknesses shall be protected in the establishment.
  • Provides accuracy and integrity of information and its methods to be protected as well as its content not to change.
  • Provides the criteria that have been required by the legal parties to be fulfilled.
  • Provides the access to information asset to be protected.
  • Provides corporate prestige to be maintained.
  • Provides competitive advantage.

Who Does ISO 27001 Concern?
ISO 27001 is suitable for all large or small scale companies, regardless of country or sector  in the world. This standard is particularly required in areas where it has great importance such as finance, health, public and information technology sectors. ISO 27001 is also vital for organizations managing information on behalf of others such as information technology subcontractors. It can be used to reassure customers about that their information shall be protected. The sectors where it is mandatory to obtain ISO 27001 are as follows:

  • Companies signing service contract
  • Companies signing agreement of concession
  • Companies providing satellite communication service
  • Companies providing infrastructure business service
  • Companies providing fixed phone service
  • Companies providing GMPCS mobile phone service
  • Companies providing virtual mobile network service
  • Internet service providers
  • Companies providing service for GSM 1800 mobile phone on aircrafts
  • Companies requesting authorization for special e-invoice integrator
  • Companies requesting authorization for customs procedures facilitation
  • Companies supplying electronic communication networks and operating their infrastructure
  • Software, hardware and integrator companies carrying on business in information sector and being engaged in public tenders

Where is the ISO 27001 Certificate Mandatory?

  • The Energy Market Regulatory Authority (EMRA) has made it obligatory for the companies in Petrol, Electricity and Natural Gas Market to have ISO 27001 Information Security Management System certificate through the amendments issued in the Official Gazette published with no. 29217 on 26.12.2014.
  • The status of Authorized Economic Operator (AEO) that was put into practice by the Ministry of Customs and Trade within the scope of the Regulation on Facilitation of Customs Transactions issued in the Official Gazette published on January,10 2013 is issued to the companies that fulfill their customs liabilities as well as have financial competence and safety standards (ISO 27001 and ISO 9001).
  • It is stated that the obligation was imposed for private integrator companies that shall provide e-invoicing service to obtain ISO 27001, ISO 22301 ve ISO 20000 certificates in the Special Integration Guideline on e-Invoicing Implementation published in April, 2015 by the Revenue Administration – Audit and Compliance Management Department.