ISO 27001

ISO/IEC 27001 is the standard established by ISO (International Organization for Standardization) and the ISO/IEC JTC 1 technical committee, in cooperation with the technical committees of ISO and IEC. The Turkish edition was prepared by the TSI Information Technologies and Communication Specialization Group on the basis of the ISO/IEC 27001 standard adopted by ISO, and was accepted and published by the TSI Technical Board as a Turkish Standard (TS ISO/IEC 27001).


Information is crucial to your organization's activities, possibly even to its survival. ISO/IEC 27001 certification helps you manage and protect your valuable information assets. ISO/IEC 27001 is the only international auditable standard that defines the requirements for an Information Security Management System (ISMS). It is designed to ensure that security controls are selected adequately and proportionately to the risks, and it helps you protect your information assets and reassure interested parties, particularly your customers. The standard adopts a process approach to establishing, implementing, operating, monitoring, reviewing, maintaining and improving your Information Security Management System.


Benefits of ISO/IEC 27001 ISMS Standard

-  Competition advantage  
-  Profitability  
-  Image  
-  Compliance with Laws, Regulations and Terms of Contract  
-  Safety  
-  Risk awareness  
-  Protection of information assets in the manner most appropriate to the requirements  
-  Business continuity, by protecting information assets against threats



History of ISO/IEC 27001 ISMS Standard

ISO/IEC 17799 revised - June 2005 (numbered as ISO/IEC 27002 in 2007)
ISO/IEC 27001 new release - October 2005


Principles of ISO/IEC 27001 ISMS Standard


The organization should establish, implement, operate, monitor, review, maintain and improve a documented ISMS in the context of all of its business activities and the risks it faces. The standard requires that the PDCA (Plan-Do-Check-Act) model be applied to these activities:

- Plan: establishing and managing the ISMS
- Do: implementing and operating the ISMS
- Check: monitoring and reviewing the ISMS
- Act: maintaining and improving the ISMS


ISO/IEC 27001 Series Standards

ISO/IEC 27002 Information Technology - Code of Practice for Information Security Management

Compatibility with Other Management Systems

The standard is aligned with ISO 9001:2000 and ISO 14000:2004, so it can be integrated with an organization's other management systems.


Terms and Concepts Related to ISO/IEC 27001

Information Security Management System (ISMS): The part of the overall management system, based on a business risk approach, that establishes, implements, operates, monitors, reviews, maintains and improves information security.



Risk analysis: The systematic use of information to identify sources of risk and to estimate the risk.


Risk evaluation (risk assessment): The overall process comprising risk analysis and risk rating.


Risk rating: The process of comparing the estimated risk against the given risk criteria in order to determine the significance of the risk.


Risk management: The coordinated activities used to direct and control an organization with regard to risk.


Risk processing (risk treatment): The process of selecting and implementing the measures needed to modify the risk.


Availability declaration (Statement of Applicability): The documented statement in which the organization describes the control objectives and controls that are relevant and applicable to its ISMS.