ISO 27001 - INFORMATION SECURITY MANAGEMENT SYSTEM
An Information Security Management System (ISMS) is a management system aimed at protecting information assets and providing confidence to interested parties, especially customers. This standard adopts a process approach to establish, implement, operate, monitor, review, maintain and improve the Information Security Management System. It can be applied to all organizations, large and small, regardless of where in the world they are located.
ISO/IEC 27001 is the only international auditable standard that defines the requirements for an Information Security Management System. It is designed to ensure that adequate and proportionate security controls are selected. This standard is particularly necessary in areas where the protection of information is of great importance, such as the finance, healthcare, government and IT sectors. It is a management standard that can provide assurance to customers that their information is protected.
To obtain an ISO 27001 certificate, institutions and organizations must first establish and implement a system in accordance with the ISO 27001 Information Security Management System standard. The ISO 27001 Information Security Management System standard requires institutions to prepare risk management and risk treatment plans, duties and responsibilities, business continuity plans and emergency incident management procedures, and to keep records showing that these are applied in practice.
Companies that establish a system in accordance with the ISO 27001 Information Security Management System standard must have audits carried out by internationally recognized certification bodies accredited for ISO 27001, and must successfully pass these audits.
Institutions and organizations that value information security do not necessarily need to be certified; establishing an Information Security Management System in accordance with the ISO 27001 standard is sufficient in itself. However, the effectiveness of any system or practice cannot be demonstrated unless it is checked and audited by a third party.
Important Note: Private integrator companies that will provide e-invoice services are required to obtain ISO 27001, ISO 22301 and ISO 20000 certificates.
The e-invoice application guide for private integrator companies that will provide e-invoice services, published by the Audit and Compliance Management Department of the Revenue Administration (GİB), states that a private integrator must hold:
- a TS ISO IEC 27001 or ISO 27001 certificate for information security,
- an ISO 22301 certificate for business continuity (Societal security - Business continuity), and
- a TS ISO IEC 20000 or ISO 20000 certificate for an Information Technology Service Management System.
With this statement, it has made it mandatory for private integrator companies that will provide e-invoice services to obtain ISO 27001, ISO 22301 and ISO 20000 certificates.
In summary, private integrator companies are required to establish systems conforming to the following standards and have these systems certified by internationally accredited certification bodies:
- ISO 27001 Information Security Management System
- ISO 22301 Business Continuity Management System
- ISO 20000-1 Information Technology Service Management System
QUALITY TURKISH CONSULTANCY
Quality Turkish Consultancy serves its customers with ISO 27001 Information Security Management System auditing and certification services.