TS EN ISO 27001: 2013 The main theme of the Information Security Management System; Ile Information Security activities i means to ensure that information security management is ensured within the scope of human, infrastructure, software, hardware, establishment information, third party information and financial resources in its activities, to ensure risk management, to measure information security management process performance and to to arrange relations with third parties in related matters.
In this direction, ISMS Policy aims;
- Manage information assets, determine security values, needs and risks of assets, develop and implement controls on security risks
- Identify the framework for determining methods for identifying information assets, values, security needs, weaknesses, threats to threats and frequency of threats.
- Define a framework for assessing the impacts of confidentiality, integrity, and accessibility of threats on assets.
- To demonstrate working principles for the handling of risks.
- To constantly monitor the technological expectations in the context of the scope of service
- To provide information security requirements arising from national or international regulations to which it is subject, to fulfill legal and relevant legislation requirements, to meet obligations arising from agreements, and to corporate responsibilities to internal and external stakeholders.
- Reducing the impact of information security threats to service continuity and contributing to continuity
- Have the competence to quickly intervene in the information security events and minimize the impact of the incident
- Maintaining and improving the level of information security over time with a cost-effective control infrastructure.
- To improve the corporate reputation, to protect against the negative effects of information security.
- To continuously improve the Information Security Management System.