- Information Security Management System Handbook. The reasons why the organization needs this system, what are the risks for information protection, possible security gaps, how to manage risk and how to create information security policies are explained here.
- Information Security Management System Policies. Policies are prepared in line with the decisions of the top management of the organization. These policies, which are directly related to the field of activity of the organization, are as follows: General Policy, Access to Information Policy, Password Security Policy, Information Systems Backup Policy, Server Security Policy, Data Destruction Policy, Personnel Security Policy, Visitor Acceptance Policy, Physical Security Policy, Liability Policy for Information Assets.
- Information Security Management System Procedures. Risk Management Procedure, Incident Violation Procedure, Disciplinary Procedure, Business Continuity Procedure and similar procedures that the organization has to prepare as required by the system.
- Task Definitions. Employees' powers and responsibilities for information security should be included in their job descriptions.
- Information Security Instructions. In accordance with the procedures mentioned above, System Room Operating Instructions, VPN Security Instructions, Server Maintenance Instructions and similar application instructions should be available.
- Many new forms have to be implemented to ensure that the system runs smoothly and systematically.
ISO 27001. You can apply to TÜRCERT for certification.
