ISO 27001 is an important standard for information security management systems (ISMS). Most enterprises use the ISO 27001 ISMS risk approach to assess threats and take precautions based on these analyses. With the Protection of Personal Data Act (KVKK), Law No. 6698, some topics need to be handled in detail and taken into account in ISO 27001 processes. Let us briefly describe the most basic of these new requirements.

KVKK, Law No. 6698, has brought new policies and procedures into our lives because of the responsibilities it imposes. The law defines the roles and responsibilities involved in data processing and in processing personal data as the party responsible for the data. In the most basic sense, the functional additions that need to be defined within ISO 27001 are the Personal Data Protection Policy, Employee Privacy Statement, Data Retention Policy, Supplier Data Processing Agreement, Data Breach Response and Notification Procedure, and Data Protection Impact Assessment.

Specifically, the Supplier Data Processing Agreement, the Data Breach Response, and the Notification Procedure are part of ISO 27001 and are a few of the annexes that need to be elaborated. The evaluation of personal data protection is also expected to resemble the risk analysis.

It is inevitable that ISO 27001 will be integrated with KVKK, and many elements will be re-evaluated in this new process.