The purpose of ISO 27001 is to define the requirements for the establishment, implementation, maintenance and continuous improvement of an information security management system (ISMS). Adopting an ISMS is a strategic decision for the organization. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process. This standard includes requirements for assessing and eliminating information security risks.

Information is vital to the performance or even the survival of an organization. ISO 27001 helps us protect and manage our valuable information. ISO 27001 is the only auditable international standard that defines the requirements of the information security management system. This standard guarantees the selection of appropriate security controls and helps organizations protect their information and gain the trust of stakeholders, especially customers.

ISO 27001 provides a process approach for the preparation, implementation, monitoring, review, maintenance and improvement of an information security management system.

Knowledge is one of the most important assets of an organization in ensuring business continuity. Unlike the loss of many other assets, the loss of information cannot be measured in money. For this reason, in today's changing and developing conditions, the importance of information and the necessity of protecting it are gradually increasing.

Information can be stored in writing, on electronic media, verbally, in employees' memory and in many other formats. Due to technological developments, many of these uses may or may not change over time.

Because of this change and development, information security must be constantly questioned and controlled. Information security is the protection of the confidentiality, integrity and availability of information.

The ISO 27001 information security management system is a management system that includes people, processes and information systems in providing corporate information security, and it is supported by senior management. It is designed to protect information assets and to provide appropriate security controls.

ISO/IEC 27001:2013 defines the requirements for the establishment, implementation and continuous improvement of the information security management system within the context of the organization. It also includes requirements for assessing and improving information security risks related to the organization's needs.

ISO 27001 requires organizations to prepare for risk and risk planning, to define duties and responsibilities, business continuity plans and emergency management procedures, and to maintain them in practice. The organization should develop an information security policy that includes all of these activities and should increase staff awareness of information security and threats. Information security management can only be achieved with the active support of management and the participation of personnel, as a living process in which the selected control objectives are measured and the performance of controls is continuously monitored.

ISO 27001 information security standards, like many other technical subjects, have developed a complex web of terminology. Few authors take the trouble to define precisely what these terms mean, an approach that is unacceptable for standards because it can lead to confusion and devalues the evaluation and certification process.

The ISO 27000 standards were developed by a subcommittee of the Joint Technical Committee established in cooperation between the International Organization for Standardization and the International Electrotechnical Commission.
