Information Security Policy
- To determine the risk acceptance criteria and risks, to develop and implement controls.
- Recognizing that all kinds of confidential / commercial / private information processed in all information technology systems we serve within the scope and limits of ISMS is the privacy of the customer of the institution / organization we serve, it will be ensured that this information cannot be obtained anywhere / person / institution / organization without the customer's knowledge / approval, adhering to the conditions of Confidentiality / Integrity / Accessibility.
- Provided that it remains within the scope and limits of the ISMS, the ISMS policy will comply with legal and regulatory requirements, take into account obligations or dependencies arising from contracts or third parties.
- The operating and technical support services necessary for the continuous operation of Field Services, Maintenance and Repair services existing in institutions / organizations will be provided within the scope and limits of ISMS.
- To define a framework for evaluating the effects of confidentiality, integrity, accessibility of information within the scope of the information security management system.
- To monitor the risks continuously by reviewing the technological expectations in the context of the scope served
- To provide information security requirements arising from national or sectoral regulations to which it is subject, to fulfill legal and relevant regulatory requirements, to meet its obligations arising from agreements, to meet its corporate responsibilities for internal and external stakeholders.
- To reduce the impact of information security threats on service continuity and to contribute to continuity
- To have the competence to be able to quickly intervene in information security incidents that may occur and to minimize the impact of the incident
- To maintain and improve the level of information security over time with a cost-effective control infrastructure.
- To improve the reputation of the institution, to protect it from negative effects based on information security.
Within the scope of information security, an information classification guide has been created to increase corporate awareness about information with different levels of sensitivity in terms of privacy, to determine and apply the logical, physical and administrative controls recommended for information with different levels of sensitivity; to define the rules for storing and destroying data in portable environments.
Top Management is committed to the realization, review and continuous improvement of Information Security related practices.