Management System for Information Security

ISO 27001 specifies the systematic structure of a process-oriented management system for information security. It also specifies the requirements for such a system.

DENETİK is accredited by TÜRKAK for ISO 27001 certification.

Management System for Information Security

This comprehensive approach offers many decisive advantages:

– Increased security awareness among employees and managers
– Safeguarding of the security objectives: confidentiality, availability, integrity, authenticity, and reliability of information
– Contribution to safeguarding business continuity
– Legal certainty through systematic adherence to relevant laws on information security and data protection
– Reduced risk of management liability
– Cost savings through security incidents avoided

What is Information Security Management System?

ISO/IEC 27001 Information Security Management System (ISMS) is an auditable international standard that defines information security as a management system. It is designed to provide adequate and proportional security controls that protect information assets and give confidence to interested parties.

This Management System includes corporate structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.

ISO 27001 Information Security Management System is a standard that can be applied to organizations of every sector and size.

This standard covers the requirements to set up, perform, monitor, review, maintain and improve a documented ISMS in the context of all commercial risks of the organization.

Information is valuable to organizations today; it must be protected systematically and continuously in terms of its privacy, integrity and accessibility.

Protection is made possible by informing people about the threats and risks related to information security, about information security policies or rules, about how they can resist these risks, and about how they can keep possible risks at the lowest possible level.

The adoption of the Information Security Management System should be a strategic decision for an organization. The design and implementation of the management system are influenced by the organization's needs and objectives, security requirements, the processes used, and the size and structure of the organization.

Why is it necessary?

It is a globally accepted approach that an organization should not maintain information security and business continuity through technical measures alone, but should also provide a number of measures and inspections such as ISMS. Top management and all employees should support and implement, without compromise, the security policies to be established within the framework of ISMS. In addition, compliance with these policies by the people and organizations the organization cooperates with is a factor that increases security.

What are the benefits?

It indicates that your internal audits are provided independently and meet corporate governance and business continuity requirements. Benefits for the organization are as follows:

– Protecting the confidentiality of information assets,

– Ensuring effective risk management by identifying threats and risks,

– Protecting corporate prestige,

– Ensuring business continuity,

– Supervising access to information sources,

– Raising the awareness of personnel, contractors and subcontractors about security issues and informing them about important security issues,

– Establishing a realistic control system to ensure that sensitive information is used appropriately in automated and manually managed systems,

– Ensuring the integrity and accuracy of information assets,

– Preventing staff from being suspected of misconduct and abuse by others,

– Ensuring that sensitive information is properly available to third parties and auditors.

It demonstrates independently that the applicable laws and regulations are complied with.

It provides a competitive advantage by meeting contractual requirements and by showing your customers the care you attach to the security of their information.

It independently verifies that your corporate risks are properly identified, evaluated and managed, while formalizing your information security processes, procedures and documents.

Regular evaluation helps you continuously monitor and improve your performance. It proves your senior management's commitment to information security.

With an information security system, the following are achieved among the employees of institutions:

– Awareness of information assets and motivation increase,

– The information assets that they have can be protected,

– Business continuity is ensured,

– A healthy structure is established with customers and suppliers,

– An advantage in competition is gained,

– Legal compliance is ensured.

What are the processes?

ISO 27001 adopts a process approach to establish, implement, operate, monitor, maintain and improve an ISMS.

Standard: Definition

– Implementation of ISMS: Establishing ISMS policy, objectives, processes and procedures for managing risks and improving information security, to deliver results in accordance with the organization's general policies and objectives.

– Execution and operation: Execution and operation of ISMS policy, controls, processes and procedures.

– Monitoring and revising ISMS: Evaluating and, where applicable, measuring process performance against ISMS policy, objectives and practical experience, and reporting the results to management for review.

– Maintaining and improving the continuity of ISMS: Performing corrective and preventive actions based on management review results to ensure continuous improvement of ISMS.

Why is it important?

– Evaluation of the institutional level by an impartial organization,
– Gaining prestige by possessing an Information Security Management System,
– Being preferred by reputable customers,
– Material and moral costs that may be incurred due to lack of information security,
– Increased awareness of employees.