Information Security Management System

ISO 27001 Certificate

What is Information Security

Information security is the prevention of unauthorized access to, use, manipulation, disclosure, disposal and handover of information, and of any damage to it. It comprises three basic components: Confidentiality, Integrity and Accessibility. Damage to any of these three components results in security gaps.

  • Confidentiality: Protection of information against unauthorized possession and access.
  • Integrity: Prevention of unauthorized manipulation of information.
  • Accessibility: Accessibility and availability of information to authorized people when necessary.

Why Information Security?

ISMS Targets

  • Protect physical and electronic information assets of the institution to maintain the primary and subordinate operational processes with minimum interruption,
  • Ensure compatibility of the contracts signed with third parties with confidentiality requirements,
  • Provide guidance for the ARDSI staff to act in conformity with the information security requirements, and promote their awareness to minimize risks,
  • Conduct risk analysis to avoid any potential risks, carry out activities to avoid risks, and formulate solutions to arising risks to ensure minimum interruption in operational processes,
  • Increase awareness and sensitivity levels of staff members and thus minimize any possible risks,
  • Protect institutional prestige,
  • Perform technical security checks,
  • Draft reports to monitor information security and risk scores, and carry out risk assessment activities based on the reports.

Information Security Policy

Agriculture and Rural Development Support Institution (ARDSI) is an agency that makes the resources from the EU and international organizations available for carrying out activities aimed at implementing rural development programmes in our country.

Organized under the Support Services General Coordination Unit, one of the three general coordination units of the ARDSI, the Information Systems Coordination Unit aids the ARDSI in the implementation of rural development programmes in an efficient, safe and sustainable manner by means of its Information and Communication Technologies infrastructure. The information assets of the Institution and the means of producing, processing and presenting information are the most valuable resources of our Institution. It is of great importance to ensure effective, efficient and safe use of information technologies, observing the principles of integrity, accessibility and confidentiality of information, in pursuit of fulfilling the institutional objectives of ARDSI. Confidentiality means protection of critical information against unauthorized access, integrity refers to completeness and correctness of information, and accessibility is making information available when necessary. These three concepts are the basis of the Information Security Management System (ISMS).

The Institutional Management resolved to set up the ISO/IEC 27001 Information Security Management System to cover all staff members, guest users, third-party firms acting as service providers, and agencies accessing institutional information directly or via the ARDSI Information Systems, within the framework of the Sectoral Agreement.

Implementation and sustainability of the Information Security Management System, the scope of which was extended to cover 42 Provincial Coordination Units and Central Coordination Units pursuant to the standard set in 2012 and updated in 2013, form a key strategic goal of our Institution.

All staff members are responsible for the successful implementation of the ISMS within the Institution. The staff are required to abide by the guidelines, procedures, standards and Institutional policies of information security.

All staff members, guest users and third-party firms acting as service providers that access institutional information directly or via the ARDSI Information Systems sign the confidentiality agreement and user declaration and commit to the liabilities contained therein. The Executive Steering Committee of Information Security, established upon approval of the Senior Management, is responsible for reviewing the Information Security Policy and adopting measures to avert and eliminate threat elements. The ISCU organizes training activities to create awareness of the ISMS among staff members. ISMS officers at the Central and Provincial Coordination Units are required to perform the duties assigned to them by the ISMS Managers regarding the Information Security Management System.

The Information Security Policy and procedures are revised at annual executive review meetings, taking into account the major security failures, new vulnerabilities, risks, corrective actions, controls on organizational and technical infrastructural shifts, legal adjustments and the findings of internal and external audits; necessary updates are made accordingly.

In the event that the liabilities contained in the agreements and declarations made within the scope of the ISMS are not fulfilled, the Executive Steering Committee of Information Security reports this to the higher authority so that the relevant issue is reviewed and investigated. Disciplinary procedures are started in case of violation of rules and information security, in line with the relevant provisions of the institutional and national legislation.

Senior management of the institution undertakes to observe conformity with the Information Security Management System, provide the resources necessary for effective operation of the system, ensure its efficiency by continually improving it, and enable all staff members to understand the system properly. The management announces the Information Security Policy and the significance of compliance with the policy to the relevant staff members of beneficiaries, service providers and suppliers. As a result of the cited commitment, the management organizes information security awareness programs for the whole institution and maintains infrastructure investments. The management declares its support for the implementation and control of the Information Security Policy and the imposition of necessary sanctions in case of security violations.