ISO 27001

Sistem Patent Kalite offers 8 services under ISO 27001. Contact our team to find the right fit for your organization.
ISO 27001 Information Security Management System
ISO 27001 information security management system: what it is, why information matters, who needs it, and how to get certified through accredited audits.
How to Get the ISO 27001 Certificate
Step-by-step path to getting the ISO 27001 certificate: build an ISMS, pass two audits by an accredited body, and keep it up with surveillance audits.
ISO 27001 ISMS Principles and Objectives
The nine guiding principles of the ISO 27001 information security management system: awareness, response, ethics, risk assessment, security management.
Building an Information Security Management System
How to build an ISO 27001 information security management system: project team, scope, risk management, policies, internal audit, and certification.
Who Does ISO 27001 Apply To?
ISO 27001 applies to organisations of every size and sector, with particular relevance in finance, health, government, and IT where information protection matters most.
How to Obtain ISO 27001 Certification
How to obtain ISO 27001 information security management system certification: compliance assessment, certificate issue, surveillance, and recertification.
How to Build an ISO 27001 Information Security System
How to build an ISO 27001 information security management system: asset valuation, risk analysis, controls, documentation, internal audit, management review.
Benefits of Building an ISO 27001 Information Security Management System
The benefits of an ISO 27001 information security management system: asset protection, business continuity, legal alignment, and market reputation.
ISO/IEC 27001:2022 information security management system
ISO/IEC 27001 is the international information security management system (ISMS) standard used to manage the confidentiality, integrity and availability of information assets inside a risk-based framework. The 2022 revision reduced the Annex A control set from 114 to 93 controls and regrouped them under 4 themes: organizational, people, physical and technological. It applies directly to software and technology firms, financial services, healthcare providers and any organization handling personal or sensitive data. Read alongside Turkey's KVKK, it is the backbone document for corporate data governance.
ISMS scope, risk assessment and the Statement of Applicability
The system starts with a written ISMS scope that names the business units, sites, assets and services included. A risk assessment then covers the information assets inside that scope, with treatment options documented against each identified risk.
- Asset classification and a risk register
- Documented risk assessment and treatment methodology
- Statement of Applicability (SoA) justifying each of the 93 controls as in-scope or excluded
- Incident management, business continuity and supplier-security processes
- Internal audits and management reviews on a defined cycle
Certification audit and the 2022 transition
The Stage 1 audit reviews ISMS documentation and scope; the Stage 2 audit tests the controls in practice. The certificate is valid for 3 years with annual surveillance and a recertification audit in year 3. Under the IAF transition decision, certificates issued against ISO/IEC 27001:2013 have been migrated to the 2022 revision; new applications run directly against the 2022 version. Sistem Patent Kalite issues ISO/IEC 27001 certificates under TÜRKAK (the Turkish Accreditation Agency).