1 PURPOSE
The purpose of this policy is to define the security objectives and the ISMS commitment for Diştedavim. By auditing compliance with security standards and reviewing and improving these standards, security management ensures that the necessary security levels are achieved and maintained. It also ensures the definition of corporate information security methods.
2 RESPONSIBLE PARTIES
Since this policy covers all IT and related information assets in our company, all personnel are responsible. Each Diştedavim employee is responsible for protecting electronic information within their authority. The resources that need to be protected include, but are not limited to, the corporate network, computers, software, portable media, and information. These resources must be protected against physical and logical integrity breaches, unauthorized access, sabotage, malicious use, and careless use.
3 IMPLEMENTATION
3.1 Policy Statement
✓ Creating, documenting, and continuously improving documents in accordance with the requirements of ISO 27001 standards for our management system,
✓ Achieving company and departmental objectives within a team spirit, based on the Total Quality philosophy and embracing customer satisfaction,
✓ Providing secure access to its own and stakeholders' information assets,
✓ Protecting the availability, integrity, and confidentiality of information,
✓ Assessing and managing risks that may arise on its own and stakeholders' information assets,
✓ Establishing the necessary infrastructure and working environment, taking into account the risks to information assets,
✓ Periodically reviewing the information security policy and the statement of applicability to maintain compliance with conditions,
✓ Protecting the institution's reliability and brand image,
✓ Applying the necessary sanctions in the event of an information security breach,
✓ Meeting information security requirements arising from national, international, or sectoral regulations, fulfilling obligations arising from relevant legislation and standard requirements and agreements, and institutional responsibilities towards internal and external stakeholders,
✓ Reducing the impact of information security threats on business/service continuity and ensuring business continuity and sustainability,
✓ Maintaining and improving the level of information security through the established control infrastructure,
✓ Systematically managing risks to information assets and conducting training to develop technical and behavioral competencies in order to increase information security awareness,
✓ Working with all its strength to be an exemplary organization that leads the sector in quality by encouraging innovative and creative approaches, managing activities to enhance technical and behavioral competencies through training,
Diştedavim is committed to all of the above.
3.1.1 Sanctions
In the event of a violation of Corporate Information Security Policies, action shall be taken based on the laws and relevant articles specified in the Disciplinary Instructions, with the approvals of the Information Security Board and the relevant manager.