Our Information Security Policy

The main theme of the ISO 27001:2022 INFORMATION SECURITY, CYBER SECURITY AND PRIVACY PROTECTION MANAGEMENT SYSTEM, within the scope of Personal Data and Information Security Activities, is to demonstrate that information security management is ensured for people, infrastructure, software, hardware, organizational information, third-party information, and financial resources; to secure risk management; to measure information security management process performance; and to regulate relationships with third parties on information security matters.

Within this framework, under our ISMS Policy;

• To protect information assets against all kinds of threats that may occur internally or externally, intentionally or unintentionally; to ensure accessibility of information as required by business processes; to comply with legal and regulatory requirements; and to carry out continuous improvement activities.

• To manage personal data and information assets; to identify the security values, needs, and risks of assets; and to develop and implement controls against security risks.

• To ensure the continuity of the three fundamental elements of the INFORMATION SECURITY, CYBER SECURITY AND PRIVACY PROTECTION MANAGEMENT SYSTEM in all conducted activities.

Confidentiality: Preventing unauthorized access to information and information assets,
Integrity: Demonstrating that the accuracy and integrity of information are ensured,
Availability: Demonstrating that authorized persons can access information when required,

• To define the framework that will determine the methods for identifying personal data and information assets, their values, security requirements, vulnerabilities, threats to assets, and the frequency of such threats.

• To allocate financial resources and personnel for risk treatment.

• To continuously monitor risks by reviewing technological expectations within the scope of provided services.

• To fulfill national and international regulations, laws, and relevant legislative requirements; to meet obligations arising from agreements; and to ensure information security requirements stemming from corporate responsibilities toward internal and external stakeholders.

• To reduce the impact of information security threats on service continuity and contribute to continuity.

• To prepare, maintain, and test business continuity plans.

• To maintain environmentally sensitive and socially responsible activities aimed at ensuring environmental sustainability and addressing climate change.

• To ensure continuous improvement.

We commit to continuing to fulfill the requirements of our activities.