Information Security Management System

ISO is the short name of the International Organization for Standardization, formed from the abbreviated initials of its English name. It was established on February 23, 1947, with the participation of national standards organizations from 135 countries, in order to ensure international standardization and create international standards. It is managed with the participation of over 179 members.

 

ISO continues its activities in order to increase international trade and trade volume, and to build trust between supplier businesses and customers. The organization published its first standard in 1987 and has continued to publish ever-evolving and diversifying standards since then.

 

Why is ISO 27001 ISMS Necessary?

 

It is accepted all over the world that an organization cannot protect information security and business continuity with technical measures alone, and that measures and controls such as an ISMS must also be provided. Top management and all employees should support and implement, without compromise, the security policies created within the framework of the ISMS. In addition, the compliance of all the people and organizations with which we cooperate with these policies is a factor that increases security.

 

ISO/IEC 27001 is suitable for all organizations, large or small, from any country or sector. This standard is particularly necessary in areas where the protection of information is of paramount importance, such as the finance, healthcare, public and IT sectors. ISO/IEC 27001 is also very important for organizations that manage information on behalf of others, such as IT hosting, telecom and internet service companies. It should be used to reassure customers that their information is protected.

 

ISO 27001 ISMS Installation and Certification Consultancy Service:

 

An application is made to Ekon Bilişim in order to fulfill all the requirements of the ISO 27001 standard and to be entitled to receive a certificate. In the pre-audit process, the scope of the organization's ISMS is determined first. The documentation process then begins. This documentation includes the organization's security policy, risk assessment documents, risk assessment plan, declaration of conformity and security procedures. Once all the physical security and software requirements have been completed together with the documentation, the internal audit is performed. Nonconformities detected in the internal audit are closed and the organization is made ready for the external audit. For the external audit, the certification process is started by applying to a TÜRKAK-accredited certification company. The audit date is set with the certification company and, if the audit company accepts, consultancy service can be provided to the institution during the audit.

 

If there is no major non-compliance in the external audit process, the organization is entitled to receive the ISO 27001 ISMS certificate.

 

CORPORATE ISMS GAP ANALYSIS

 

Why is Corporate ISMS Gap Analysis Performed?

 

To reveal and analyze the priority security steps that organizations will take to protect themselves from current threats and attacks.

 

An institution or organization that wants to improve its security situation has to act within a given amount of human resources, time and budget while taking recommended security measures. At this stage, the following questions arise:

 

Where should institutions and organizations start to improve information security?

What kind of work should be done primarily in which areas?

What are the basic measures within the scope that can address many possible threats, instead of a specific measure for each violation event encountered?

The ISMS gap analysis, which is carried out to answer all of these questions, reveals all the security requirements. Alongside this, the current situation is analyzed, and the importance of the situation and the implementation steps are determined. In this way, institutions and organizations also determine the full set of improvement activities.
