KAS Certification Accreditations

ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM

Information is among an organization's most valuable assets and is essential to the continuity of its activities, so it must be managed securely. The ISO / IEC 27001 Information Security Management System and its certificate support you in managing and protecting these valuable information assets.
ISO / IEC 27001 was prepared to define the requirements of an Information Security Management System (ISMS) and to set out the conditions for establishing, implementing, maintaining and continually improving the system.
An ISO 27001 Information Security Management System preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives interested parties assurance that risks are managed correctly. It requires organizations to prepare risk management and risk treatment plans, roles and responsibilities, business continuity plans and emergency incident management procedures related to the security of their information, and to keep records of these in practice. The organization publishes an information security policy covering all these activities and raises the awareness of its personnel about information security and threats.
This helps you protect your information assets and gives confidence to interested parties, especially your customers. The standard adopts a process approach to establish, implement, operate, monitor, review, maintain and improve your Information Security Management System.

Who does ISO 27001 concern?
ISO / IEC 27001 is suitable for all organizations, large and small, in any country or sector. It is especially necessary in organizations where the protection of information is of great importance, and it applies across all sectors: finance, automotive, marketing, health, Information Technology (IT), private and public bodies, representation, import and export.
ISO / IEC 27001 can also be used by organizations in the IT sector that serve other organizations and manage and store their customers' information on their behalf, to give those customers assurance that their information is managed securely.

ISO / IEC 27001 Information security management systems
This standard covers the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this standard are generic and are intended to be applicable to all organizations regardless of their type, size and nature. Where an organization claims conformity with this standard, excluding any of the requirements specified in Clauses 4 to 10 is not acceptable.

Standards related to ISO / IEC 27001

  • ISO / IEC 27000 Information technology - Security techniques - Information security management systems - Overview and vocabulary
  • ISO / IEC 27001 Information technology - Security techniques - Information security management systems - Requirements
  • ISO / IEC 27002 Information technology - Security techniques - Code of practice for information security controls (including ISO / IEC 27002:2013, Cor1:2014 and Cor2:2015)
  • ISO / IEC 27003 Information technology - Security techniques - Information security management system implementation guidance
  • ISO / IEC 27005 Information technology - Security techniques - Information security risk management
  • ISO / IEC 27006 Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems
  • ISO / IEC 27007:2011 Information technology - Security techniques - Guidelines for information security management systems auditing
  • TSE ISO / IEC TR 27008 Information technology - Security techniques - Guidelines for auditors on information security controls

15 October 2010, Friday | Official Gazette | Number: 27730

Communiqué:
Information Technologies and Communication Authority:
COMMUNIQUÉ ON THE IMPLEMENTATION OF THE TS ISO / IEC 27001 OR ISO / IEC 27001 STANDARD UNDER ELECTRONIC COMMUNICATION SECURITY
Purpose
Article 1 - The purpose of this Communiqué is to regulate the procedures and principles regarding the implementation of the first paragraph of Article 11, titled "Obligation to Ensure Electronic Communication Security", of the Electronic Communications Security Regulation published in the Official Gazette dated 20/7/2008 and numbered 26942.
Scope
Article 2 - This Communiqué covers the procedures and principles regarding the obligation to comply with the TS ISO / IEC 27001 or ISO / IEC 27001 standard or to obtain a certificate of conformity, within the framework of the first paragraph of Article 11, titled "Obligation to Ensure Electronic Communications Security", of the Electronic Communications Security Regulation.
Basis
Article 3 - This Communiqué has been prepared on the basis of Article 11 of the Electronic Communications Security Regulation.

Definitions and Abbreviations
Article 4 - (1) In this Communiqué;
a) Electronic communication: the transmission, sending and receiving of all kinds of signs, symbols, sounds, images and data that can be converted into electrical signals through cable, wireless, optical, electrical, magnetic, electromagnetic, electrochemical, electromechanical and other transmission systems,
b) GMPCS: Global mobile personal communications by satellite,
c) GSM: all kinds of communication systems consisting of transmitter and receiver units, base stations, base station controllers and switching equipment conforming to the European Telecommunications Standards Institute's digital cellular mobile communication standard, together with the wired and radio links connecting them,
ç) Operator: the capital company that provides electronic communication services and / or provides an electronic communication network and operates its infrastructure within the framework of an authorization by the Authority,
d) Personal voice and / or data service: a voice and / or data service whose content is not open to general or group access in terms of data transmission,
e) Board: the Information Technologies and Communication Board,
f) Authority: the Information Technologies and Communication Authority,
g) Net sales: the amount remaining after sales discounts are deducted from gross sales,
ğ) Standard: the TS ISO / IEC 27001 or ISO / IEC 27001 standard,
h) Certificate of conformity: a certificate of conformity with the TS ISO / IEC 27001 or ISO / IEC 27001 standard obtained from bodies accredited to issue TS ISO / IEC 27001 or ISO / IEC 27001 certificates,
ı) Annual net sales: the net sales amount obtained in one year beginning on the first day of January and ending on the last day of December,
i) Regulation: the Electronic Communications Security Regulation.
(2) For terms used in this Communiqué that are not defined above, the definitions in the relevant legislation apply.

Obligation
Article 5 - (1) The obligation to obtain a certificate of conformity is determined according to the operator's net sales from personal voice and / or data services in the previous year.
a) Of the operators providing the personal voice and / or data transport services listed in Annex-1 of this Communiqué, those with annual net sales of five hundred thousand (500,000) Turkish Liras or more are obliged to obtain a certificate of conformity.
b) Of the operators providing the personal voice and / or data transport services listed in Annex-1 of this Communiqué, those with annual net sales below five hundred thousand (500,000) Turkish Liras are obliged to comply with the standard, without the obligation to obtain a certificate of conformity.
c) Operators that do not provide personal voice and / or data transport services, listed in Annex-2 of this Communiqué, are obliged to comply with the standard, without the obligation to obtain a certificate of conformity.
(2) Of the operators specified in subparagraph (a) of the first paragraph;
a) those authorized after 20/7/2008, within two years of the date of authorization,
b) those authorized before 20/7/2008, by the effective date of this Communiqué,
are obliged to obtain a certificate of conformity and submit it to the Authority.
(3) Of the operators specified in subparagraph (b) of the first paragraph, those whose annual net sales later exceed five hundred thousand (500,000) Turkish Liras are obliged to obtain a certificate of conformity within two years of the end of the year in which they exceed that annual net sales value, and to submit it to the Authority.
(4) The obligation to obtain a certificate of conformity continues for the operators specified in subparagraph (a) of the first paragraph even if their annual net sales later fall below five hundred thousand (500,000) Turkish Liras.
(5) Of the operators specified in subparagraphs (b) and (c) of the first paragraph;
a) those authorized after 20/7/2008, within two years of the date of authorization,
b) those authorized before 20/7/2008, by the effective date of this Communiqué,
are obliged to comply with the standard, without the obligation to obtain a certificate of conformity.
(6) The certificate of conformity is obtained from bodies accredited to perform system certification according to the TS ISO / IEC 27001 or ISO / IEC 27001 standard.

Authority
Article 6 - The Authority is authorized to update the net sales value specified in the first paragraph of Article 5 and the lists annexed to this Communiqué.

Audit
Article 7 - The Authority may, on its own initiative or upon complaint, audit or have audited whether operators fulfill their obligations regarding electronic communication security, and may request any information and documents it deems necessary on the matter.
Compliance with the standard and the date of certification
Provisional Article 1 - Where the two-year period following the authorization of the operators specified in subparagraph (a) of the second and fifth paragraphs of Article 5 of this Communiqué ends before the effective date of this Communiqué, those operators fulfill their obligation to obtain a certificate of conformity or to comply with the standard by the effective date of this Communiqué.
Entry into force
Article 8 - This Communiqué enters into force on the date of its publication.
Execution
Article 9 - The provisions of this Communiqué are executed by the President of the Information Technologies and Communication Board.

ANNEX-1
OPERATORS REQUIRED TO OBTAIN A TS ISO / IEC 27001 OR ISO / IEC 27001 STANDARD CERTIFICATE OF CONFORMITY

1- Operators Signing Duty Agreements
2- Operators Signing Concession Agreements
3- Operators Providing Satellite Communication Services
4- Operators Providing Infrastructure Management Services
5- Fixed Telephone Service Operators
6- Operators Providing GMPCS Mobile Phone Service
7- Virtual Mobile Network Service Operators
8- Internet Service Providers
9- Operators Providing GSM 1800 Mobile Phone Service in Air Vehicles

ANNEX-2
OPERATORS NOT REQUIRED TO OBTAIN A TS ISO / IEC 27001 OR ISO / IEC 27001 STANDARD CERTIFICATE OF CONFORMITY

1- Operators Providing Satellite Platform Services
2- Cable Broadcasting Service Operators
3- Operators Providing Common Use Radio Services
4- Guidance Service Operators


All Rights Reserved (KAS International Certification) © 2021