We Have Renewed Our ISO 27001 Certificate

"Information", as an abstract concept, has become the most important asset of today's companies. While the loss of a company's other business assets can be compensated somehow, the loss of information has no monetary equivalent. Therefore, information assets should be carefully protected no matter which format they are kept in (printed, digital, etc.).

13 November 2018

ISO / IEC 27001 is the international information security management standard that describes in detail the requirements for a strong information security management system. Through a risk-based approach, it aims to provide the desired security level for the protection of information and information assets in organizations, using the right human resources policies, technical procedures and information technology infrastructures. According to ISO / IEC 27001, the objective of an information security management system (ISMS, or BGYS in Turkish) is to take appropriate measures to identify, analyze and control corporate risks.

According to the Turkish Standards Institution:

“Nowadays, creating an environment of trust regarding the confidentiality, integrity and availability of information within institutions, which are defined not only by their employees but also by their customers, business partners and shareholders, is of strategic importance. Providing information security is possible through technological solutions together with the establishment of a sound security management system. It is a standard designed to create an effective information security management system.”

ISO / IEC 27001 is the only international auditable standard that defines the requirements of the Information Security Management System (ISMS). It is designed to ensure the selection of adequate and proportionate security audits and adopts the process approach to create, implement, operate, monitor, examine, maintain and improve the Information Security Management System. The security of information should always be examined and checked. Information security aims to protect the confidentiality, integrity and availability of information:

  • Confidentiality: Being accessible only to authorized people,
  • Integrity: Ensuring the integrity and accuracy of information and of the methods used to process it,
  • Availability: Being accessible to authorized users any time they need it.

The reasons for using the ISO / IEC 27001 Information Security Management System, according to the Turkish Standards Institution, are:

  • Corporate governance
  • Improved effectiveness of information security
  • Differentiation in the market
  • Meeting top management and customer requirements
  • The only globally recognized standard
  • Employees focused on information security awareness
  • Compliance with legal requirements
  • Being prepared for emerging threats and vulnerabilities
  • Responsibilities and authorization specified by the policies and procedures put in place
  • Detection of weaknesses
  • Adoption of Information Security by senior management
  • Review of ISMS by independent auditors
  • Providing confidence to trade partners and customers
  • Better safety awareness
  • Merging resources with other Management Systems
  • A mechanism of measuring system success

The ISO / IEC 27001 Information Security Management System (ISMS) contains the corporate structure, policies, planning activities, responsibilities, practices, procedures, processes and resources. Establishing an ISMS consists of several stages. Certification is possible after detailed checks performed by external auditors. It is generally accepted that the institutions holding this certificate have the necessary maturity and awareness to protect their information assets.

Ensuring business continuity is considered to be an important criterion in terms of compliance with the laws on information security and data privacy.

As Formalis, we are pleased to announce to our esteemed stakeholders that we have renewed this certificate.

Regarding GDPR compliance, two standards are accepted as indicators of a personal data protection framework: BS 10012 Personal Information Management System (PIMS) and ISO 27001 Information Security Management System (ISMS). We, as Formalis, hold both of these certifications.

The information security of our customers will continue to be our top priority.
