KAEU has started training sessions for the transition to the ISO/IEC 27001:2022 version of the Information Security Management System standard. The transition follows the comprehensive revision of ISO/IEC 27001:2013-2017, under which our institution obtained its Information Security Management System Certificate in 2018 through the efforts of the Information Processing Department. The training sessions took place on May 27, 2024, at the Süleyman Türkmani Meeting Hall in the Ahi Evran Congress and Culture Center. Personnel from the Information Processing Department, Quality Management Coordination, Internal Audit Unit, Student Affairs Department, and Personnel Department attended the training sessions.
Deputy Secretary General and Head of the Information Processing Department Canfer Memoğlu provided information about the training, emphasizing the university's commitment to continuously improving and renewing information services, being able to respond to changing needs, and being competitive by placing great importance on information security. He mentioned that in this process, where legal requirements such as the Personal Data Protection Law No. 6698 have emerged, developing information security awareness, enhancing competencies, and reducing risks are crucial. Memoğlu stated that they first obtained the ISO 27001 Information Security Management System Certificate for our university in 2018, and after necessary audits and evaluations in subsequent years, the certificate was renewed. He continued his speech by saying, "In 2022, the standard was comprehensively updated, and we organized these training sessions to adapt to the updated standard. I believe that with the training, we will quickly adapt to the changing conditions. The new standard includes Cyber Security Techniques and Personal Data Security Measures. The name of the standard has changed to ISO/IEC 27001:2022 Information Security, Cyber Security, and Privacy Protection - Information Security Management Systems - Requirements."
Department Head Memoğlu noted that there were no changes in the main headings of the new standard, but some subheadings and details were added to certain clauses. As an example, he pointed out the new phrase added to the "Understanding the Needs and Expectations of Relevant Parties" control under the "Organization's Context" main heading. Additionally, Memoğlu mentioned that a new control clause (6.3 Planning Changes) was added under the "Planning" heading, emphasizing that organizations are required to act in a planned manner according to identified change needs. He further stated, "With the transition to the ISO/IEC 27001:2022 Information Security, Cyber Security, and Privacy Protection - Information Security Management Systems - Requirements Standard, the total number of controls has been reduced from 114 to 93, and 11 new controls have been added to the standard, consolidating the Annex-A controls under 4 main headings instead of 14 clause numbers."
Through these training sessions, our university aims to strengthen its security policies by aligning with the latest standards in information security. The training program is seen as an important step to increase awareness about information security and to comply with the new standards. The ISO/IEC 27001:2022 Information Security Management System Transition Training will continue at the Süleyman Türkmani Meeting Hall in our university's Congress and Culture Center until May 31, 2024.