Information and Communication Security Audit Guide’ draws the roadmap of institutions

The “Information and Communication Security Audit Guide” was prepared by the Presidency Digital Transformation Office in order to guide institutions and organizations in conducting audit studies. The guide was created as a result of the evaluation of over 700 expert opinions from more than 90 institutions and organizations. The “Information and Communication Security Guide Compliance Auditing Personnel and Company Certification Program”, which includes the criteria that the companies and their personnel from which audit service will be received and their training and certification issues, were implemented in cooperation with TSE and TÜBİTAK BİLGEM under the coordination of the Digital Transformation Office.

In October 2021, the Presidency Digital Transformation Office has published the ‘Information and Communication Security Audit Guide’. Digital Transformation Office President Dr. Ali Taha Koç underlined that in our day and age, digitalization plays a critical role in sustaining economic development and global competition and reminded the process of forming the Audit Guide as: “Information and communication security has become an indispensable part of digital infrastructures. Protection from cyber-attacks that change size and character with the rapid transfer of services to the digital environment increases its importance day by day in ensuring the national security of countries and emerges as a priority agenda for digital infrastructures that have become cyber targets. The Presidential Circular, which includes information and communication security measures that must be followed by public institutions and businesses providing critical infrastructure services in order to manage the security risks encountered in information systems, was published in the Official Gazette dated 6 July 2019 and numbered 30823 and entered into force. Subsequently, the ‘Information and Communication Security Guide’, which is the first reference document in its field in our country, was published. Achieving the targeted gains in the ‘Information and Communication Security Guide’ is possible through effective supervision and monitoring of the compliance process in the institutions and organizations within the scope. Institutions and organizations are expected to complete their compliance activities within the period specified in the Guide, and to carry out audit studies at least once a year in order to determine the compliance of the activities carried out and the measures taken. The Guide, which was prepared under the name of “Information and Communication Security Audit Guide” in order to guide our institutions and organizations in the execution of audit studies, was created as a result of the evaluation of over 700 expert opinions from more than 90 institutions and organizations. Valuable managers of institutions and organizations have great responsibilities in these studies to be carried out in order to increase the information and communication security level nationally.”

Criteria that personnel and companies should have were determined

In cooperation with the Presidency Digital Transformation Office, TSE and TÜBİTAK BİLGEM, the ‘Information and Communication Security Guide Compliance Auditing Personnel and Company Certification Program’ begins. As of October 2021, the Turkish Standards Institute (TSE) published the Information and Communication Security Guide Compliance Auditing Personnel and Company Certification Program’. In this guide; information about the training and exams within the scope of the current version of the ‘Information and Communication Security Guide’ published by Digital Transformation Office and the criteria that the personnel and companies that will carry out the compliance audits were stated in detail.