ISO 27001 Obligation under the Public Procurement Law

ISO 27001 is a globally accepted standard for information security management. It helps organizations avoid costly security breaches. Organizations with ISO 27001 certification demonstrate to customers, business partners, and stakeholders that they take the necessary steps in the event of a data breach, thus protecting the reputation of the institution. While ISO 27001 certification is not mandatory for public institutions, as opposed to the private sector, it has become mandatory for the following entities starting from September 29, 2023:

Procurement tenders for information technology, software, or penetration testing services organized by public institutions now require bidders to hold the Public Information Authorization Certificate, the Penetration Testing Authorization Certificate, and the Software Authorization Certificate, respectively.

Kamu Bilişim Yetki Belgesi

Public Information Authorization Certificate:

This certificate attests to the competence and capability of an organization to provide information technology services to public institutions. To obtain it, the TS EN ISO/IEC 27001 certification is required. The Public Information Authorization Certificate demonstrates that companies operating in areas such as software development, software integration, software maintenance services, information system installation and maintenance services, information technology consultancy services, and information security services are able and suitable to serve public institutions.

Yazılım Yetki Belgesi

Public Software Authorization Certificate:

This certificate is issued to tenderers who will supply software development, software integration, and software maintenance services. To obtain it, the TS EN ISO/IEC 27001 certification is also required. The certificate allows companies operating in software development, software integration, and software maintenance services to demonstrate their eligibility to participate in public tenders and projects.

Sızma Testi Yetki Belgesi

Public Penetration Testing Authorization Certificate:

This certificate is issued to tenderers who will provide penetration testing services. To obtain it, a Type A or Type B TSE Penetration Testing Company Certificate is required. Note that this requirement also applies to subcontractors. The Public Penetration Testing Authorization Certificate attests to the ability and reliability of companies with expertise in identifying and closing security vulnerabilities to work with public institutions. Here, too, the TS EN ISO/IEC 27001 certification is required.

Other Sectors Mandating ISO 27001:

ISO 27001 is not limited to the IT sector; it is a standard that directly affects many industries. The electronics and telecommunications sector is also within its scope: with the publication of the Network and Information Regulation on July 13, 2014, ISO 27001 became mandatory for organizations operating in this sector.

ISO 27001 is also a crucial standard for companies in the energy sector. The Energy Market Regulatory Authority made ISO 27001 mandatory for companies operating in the oil, electricity, and natural gas markets as of December 26, 2014. All companies in this sector are required to obtain ISO 27001 certification as of March 1, 2014.
