When establishing the ISO 27001 Information Security Management System, a large number of documents will be produced as required by the system. These documents are the sine qua non of the system, because an organization that establishes and runs the Information Security Management System has to give these documents to the relevant certification body when it wants to receive the ISO 27001 Information Security Management System Certificate. When the certification body starts its work, it makes its first inspections on these documents, and then the auditors go to the location of the firm and observe how closely the documents actually in use match the prepared documents.

Now, let's look at the necessary documents to be given to the certification body in order to carry out these examinations:

  • Information Security Management System Handbook. This explains why the organization needs this system, what the risks to information protection are, what the possible security gaps are, how to manage risk and how to create information security policies.
  • Information Security Management System Policies. Policies are prepared in line with the decisions of the top management of the organization. These policies, which are directly related to the field of activity of the organization, are as follows: General Policy, Access to Information Policy, Password Security Policy, Information Systems Backup Policy, Server Security Policy, Data Destruction Policy, Personnel Security Policy, Visitor Acceptance Policy, Physical Security Policy, Liability Policy for Information Assets.
  • Information Security Management System Procedures. These are the Risk Management Procedure, Incident Violation Procedure, Disciplinary Procedure, Business Continuity Procedure and similar procedures that the organization has to prepare as required by the system.
  • Task Definitions. Employees' powers and responsibilities for information security should be included in their job descriptions.
  • Information Security Instructions. In accordance with the procedures mentioned above, System Room Operating Instructions, VPN Security Instructions, Server Maintenance Instructions and similar application instructions should be available.
  • Forms. Many new forms have to be implemented to ensure that the system runs smoothly and systematically.

Without these documents, it is not possible to start certification work in an organization.

You can contact the experienced managers and employees of the TURCERT certification institution about which documents are required to obtain the ISO 27001 Information Security Management System Certificate.