Information Security Policy
Our Information Security Policy is to ensure information security management for people, infrastructure, software, hardware, institution and third party information, and information of financial resources under the TS EN ISO 27001:2013 main theme “Information Technologies: tender, business development and projects, purchase, service procurement and all operations starting from the review phase”; ensure risk management, measure the process performance of information security management and govern third-party relationships.
Accordingly, the purpose of our ISMS Policy is to:
- Manage information assets; to determine the security values, need and risks of assets; to develop and implement controls against security risks;
- Define the framework to be determined by methods in order to identify information assets and values, security needs and weaknesses, threats against assets and frequency of threats;
- Define the framework to evaluate the confidentiality, integrity, accessibility effects of threats against assets;
- Determine the codes of practice in order to assess the risks;
- Track the risks by reviewing technological expectations in the context of the given service;
- Meet the liabilities under national and international regulations, legal obligations and applicable law, and contracts of which it is subject to, and to meet its information security needs arising from corporate responsibilities towards internal and external stakeholders;
- Minimize the information security threats against service continuity and to contribute to continuity;
- Be competent enough to respond to any information security incidents and to minimize effects of such incidents;
- Maintain and improve the information security level with a cost-efficient control infrastructure over time;
- Increase the corporate prestige and to protect it against negative effects based on information security;
- Ensure the continuity of the Information Security Management System.