Information Security

INFORMATION SECURITY

As a requirement of business processes, any information shall be made accesible to  units in domain, service users, service providers and relevant third parties with minimum interruption.

The integrity of the information shall be maintained in all cases.

The confidentiality of the information generated and / or used will be secured in all cases, regardless of whether they are owned by service providers and third parties.

Appropriate access control will be provided and the information will be protected against unauthorized access.

Risks will be reduced to acceptable levels through the design, implementation and maintenance of the Information Security Management System.

Information will be protected regardless of the forms of use, such as electronic communication, sharing with third parties, and use of information for research purposes.

Information assets will be identified by their degree of confidentiality and will be ensured by employees to ensure their confidentiality and integrity.

The requirements determined by laws, regulations, circulars, contracts will be met and work in compliance with these will be ensured.

In order to protect critical business processes from the effects of major disasters and operational errors, business sustainability management will be implemented and business sustainability management practice principles will be constituted. The information technology business sustainability plan will be maintained and tested.

Trainings that will increase the awareness of the personnel on information security and encourage them to contribute to the functioning of the system will be regularly provided to the employees of the company and the newly recruited employees.

All actual or suspicious violations of information security will be reported; nonconformities causing violations will be identified and measures will be taken to prevent recurrence by finding the main reasons.

In the work areas, measures shall be taken in accordance with the principles of Clean Screen / Clean Table in such a way that information other than unclassified information is not allowed to be seen by others.
Employees will be trained according to the “ need to know” principle in all activities.

In order to support the ISMS principles, all principles, procedures, instructions and documents that are not classified as confidential and highly confidential, including, but not limited to, information security, shall be accessible on the basis of “need to know”  principle. Laws, international standards and conventions will be considered when creating all these documents.

Information Security Management System will ensure that the assets of our company are identified and their values are determined, risks are identified and risks are analyzed in order to eliminate the threats that may arise against the assets, measures to be taken against these risks and the documents required by these measures are kept and records are kept.

All unit managers shall ensure that the first personnel from the implementation of these principles work in accordance with the principles.

Yükleniyor