CONSULTANCY ON ESTABLISHING ISO/IEC 27001 INFORMATION TECHNOLOGY -- SECURITY TECHNIQUES -- INFORMATION SECURITY MANAGEMENT SYSTEMS -- REQUIREMENTS STANDARD

The ISO 27001:2013 standard was prepared to set out the requirements for establishing, implementing and continually improving an information security management system. Adopting an information security management system is a strategic decision for the organization. The establishment and implementation of an organization's information security management system are influenced by the organization's requirements and objectives, its security requirements, its size and the processes it uses. All of these factors are expected to change over time.

The information security management system preserves the confidentiality, integrity and accessibility of information by applying a risk management process, and gives assurance to the parties concerned.

Our consulting service includes scope study, risk analysis, preparation of system documentation, statement of applicability, information security awareness training, and internal audit steps. In addition, services are provided to improve the system. CYMSOFT saves time and effort by using SISMS software, an R&D product, during the establishment of the information security management system. You can visit our microsite for details of our consulting service.

CONSULTANCY ON ESTABLISHING BS 10012:2017 DATA PROTECTION SPECIFICATION FOR A PERSONAL INFORMATION MANAGEMENT SYSTEM STANDARD

The goal of this International Standard is to enable organizations to develop a personal information management system that provides an infrastructure that fosters sustainability and compliance with data protection legislation as part of the overall management system.

This International Standard sets out the requirements of a Personal Information Management System (PIMS) with infrastructure to maintain and improve compliance with data protection legislation and good practice.

This standard is for use by organizations of all sizes and sectors. It is intended for people who are responsible for starting, sustaining and developing a PIMS in an organization. It aims at a common way of creating an effective harmony with good practice and data protection legislation for internal and external users, providing trust in management for the management of personal information.

CONSULTANCY ON ESTABLISHING ISO/IEC 27031 INFORMATION TECHNOLOGY -- SECURITY TECHNIQUES -- GUIDELINES FOR INFORMATION AND COMMUNICATION TECHNOLOGY READINESS FOR BUSINESS CONTINUITY STANDARD

This International Standard sets out the concepts and principles of ICT preparation for business continuity and provides a framework for defining and describing all the conditions (such as performance criteria, design and implementation) for developing an organization's ICT preparation to ensure business continuity.

Any institution, regardless of size, that develops an ICT preparation (IRBC) program for business continuity that requires ICT services/infrastructures in place to support emergency operations, accidents and related interruptions that may affect the continuity of critical business functions, including standard security, to support business operations, can apply this standard.

CONSULTANCY ON ESTABLISHING ISO/IEC 27799 HEALTH INFORMATICS -- INFORMATION SECURITY MANAGEMENT IN HEALTH USING ISO/IEC 27002 STANDARD

This international standard has been established for those responsible for the safety of health information, health care providers and other health information protectors (security consultants, auditors, third party service providers, etc.) who need guidance under this heading. It ensures that the standard ISO/IEC 27002, which defines the practical application of standard information security management, is applied consistently in the health care environment and against the security challenges that the healthcare sector is facing. It is the only guide on how best to protect the confidentiality, integrity and accessibility of personal health information.

CONSULTANCY ON ESTABLISHING ISO/IEC 27011 INFORMATION TECHNOLOGY -- SECURITY TECHNIQUES -- CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS BASED ON ISO/IEC 27002 FOR TELECOMMUNICATIONS ORGANIZATIONS STANDARD

ISO/IEC 27011 is a security management standard specially prepared for the telecom sector. This international standard is designed to help institutions in the telecom sector prove that they have a common minimum level of information security by providing the "confidentiality", "integrity" and "accessibility" principles, which are the basic requirements of information security.

Based on the ISO/IEC 27002 standard, the ISO/IEC 27011 standard is an application guide for establishing, implementing, maintaining and developing an Information Security Management System specific to the telecom sector.

What is achieved with the ISO 27011 standard?

  • Establishment of an information security management system in accordance with accepted international targets for telecommunication institutions,
  • Ensuring the confidentiality, integrity and accessibility of telecommunications vehicles and services, ensuring information security,
  • Adoption of a comprehensive and systematic management system for information security,
  • Secure processes and controls minimizing the risks existing in telecommunication services,
  • Competitive advantage for organizations with increased confidence in users' telecom services.

CONSULTANCY ON ESTABLISHING ISO/IEC 27019:2013 INFORMATION TECHNOLOGY -- SECURITY TECHNIQUES -- INFORMATION SECURITY MANAGEMENT GUIDELINES BASED ON ISO/IEC 27002 FOR PROCESS CONTROL SYSTEMS SPECIFIC TO THE ENERGY UTILITY INDUSTRY STANDARD

ISO 27019:2013 aims to make information security requirements applicable to control systems/automation infrastructures, especially energy infrastructure. Examples of such infrastructure are the industrial control systems for electricity generation, distribution and transmission, and natural gas transmission. The information security requirements of these infrastructures may differ from traditional Information Technology infrastructures.

Based on the ISO/IEC 27002 standard, the ISO 27019:2013 standard is an application guide for establishing, implementing, maintaining and developing an Information Security Management System specific to the energy sector.

What is achieved with the ISO 27019 standard?

  • Establishment of an information security management system in accordance with international targets for energy industry organizations,
  • Ensuring the confidentiality, integrity and accessibility of energy infrastructure utilities and services, ensuring information security,
  • Adoption of a comprehensive and systematic management system for information security,
  • Secure processes and controls minimizing the risks existing in telecommunication services,
  • Competitive advantage for organizations with increased confidence in users' energy services.