In Statistics Law of Turkey numbered 5429, the purpose of the foundation of our Institute is defined as to determine basic principles and standards concerning the production and organisation of official statistics, to compile and assess data and information, produce, publish and disseminate statistics on the areas that country needs, and to ensure coordination among institutions and organizations that are involved in the statistics process prescribed in the Official Statistics Programme.
In the 4th article of the same Law, with the phrase " In order to improve the quality of official statistics, statistics produced within the scope of Official Statistics Programme shall be prepared and implemented in accordance with the principles of reliability, consistency, impartiality, statistical confidentiality, timeliness and transparency. The basic principles are as follows; ensuring the accuracy of official statistics, presenting the data to all users on the same time and on impartial base, respecting the principles of confidentiality and protecting the rights of the public to access the information." it is stated that basic principle is the reliability, confidentiality and accesability of data and statistical information. For this reason providing the security of information is extremely important for carrying out the activities of TurkStat's reason for being, implementation of legal duty and corporate reputation.
Almost all the activities of TurkStat in this content are made electronically through "Information Systems" supported by nowadays information technologies. As the confidentiality of information is critically important; the confidentiality of the systems and technologies used for the activities like information producing, processing, transmitting, recording, erasing and destroying when needed, has the same critical importance as well.
The information systems developing every passing day, offering different opportunities and abilities, have brought and are bringing along unique weaknesses and accordingly new threats about "Information Security".
For this reason, it is required to set up and maintain a "Information Security Management System" to manage several information security activities like dealing holistically the security of institutionally important information and information system, performing legal obligations, determining threats and weaknesses, identifying the appropriate checkouts by evaluation and prioritisation of the risks.