An Information Security Management System is a systematic approach to managing an organization's confidential and protected information. Information security was first discussed in the final years of the 1900s, and the first standards in this area were put forward in the UK. Later, the International Standards Organization and the International Electrotechnical Commission worked together to prepare the ISO 27000 standards.

Two standards stand out within the ISO 27000 family. The first is ISO 27001 Information Security Management System, which is the basic standard of the system. The second is ISO 27002 Code of Practice for Information Security Management System. This standard sets out the general principles and guidance for starting an organization's Information Security Management System activities and for establishing, maintaining and continuously improving the system. To address the risks associated with information security, ISO 27002 describes how to implement and control the control objectives laid down in ISO 27001.

The principles of the ISO 27001 Information Security Management System are as follows:

  • Confidentiality. Confidentiality means that information protected within the organization is closed to access by unauthorized persons. In other words, it means preventing unauthorized disclosure. The information is confidential and should be protected.
  • Availability. The availability of information means that authorized persons can access it immediately whenever the need arises. Even if there is a problem in the organization, the information should remain accessible and ready for use. Here, too, the point is that people with access rights are able to reach the information.
  • Integrity. The integrity of information means that it reaches authorized persons unchanged, intact, and consistent, as it is in the source. If the information is altered, even partially, its integrity can no longer be claimed.

An organization that attaches importance to information security and aims to protect its information should classify that information and decide on the method of protecting it. The Information Security Management System is a system for ensuring and maintaining this security.

For more information about the basic principles of the ISO 27001 Information Security Management System, please contact the experienced managers and employees of the TURCERT certification body.