Our ISMS Policy

The main theme of the TS EN ISO 27001:2013 Information Security Management System (ISMS) is to demonstrate the management of information security within the scope of Information Technologies, starting from the contract review phase and including bidding, business development, project planning, procurement, service delivery, technical support, and all associated operations. This encompasses people, infrastructure, software, hardware, organizational information, third-party information, and financial resources. The aim is to ensure risk management, measure the performance of information security management processes, and regulate relationships with third parties on matters related to information security.

In this context, the objectives of our ISMS Policy are:

  • To manage information assets, identify their security values, needs, and risks, and develop and implement controls for security risks.
  • To define the framework for identifying methods to determine the values, security needs, vulnerabilities of information assets, the threats against them, and the frequency of these threats.
  • To establish a framework for evaluating the impact of threats on the confidentiality, integrity, and availability of assets.
  • To set forth the principles for the processing of risks.
  • To continuously monitor risks by reviewing technological expectations within the scope of services provided.
  • To comply with national and international regulations, fulfill legal and relevant legislative requirements, meet contractual obligations, and ensure information security requirements arising from corporate responsibilities towards internal and external stakeholders.
  • To reduce the impact of information security threats on service continuity and contribute to its sustainability.
  • To possess the competence to quickly respond to potential information security incidents and minimize their impact.
  • To maintain and improve the level of information security over time with a cost-effective control infrastructure.
  • To enhance the organization’s reputation and protect it from negative impacts based on information security.
  • To ensure the continuity of the Information Security Management System.
  • To continuously improve the Information Security Management System.