Within the scope of the ISO 27701 Privacy Information Management System and ISO 27001:2013 Information Security Management System, the main theme regarding Personal Data and Information Security Activities is to demonstrate that information security management is provided across human resources, infrastructure, software, hardware, corporate information, third-party information, and financial resources; to guarantee risk management; to measure information security management process performance; and to ensure the regulation of relations with third parties on information security matters.

Accordingly, within the scope of our PIMS-ISMS Policy, we commit to:

  • Protecting information assets against any internal or external threats, whether intentional or unintentional, ensuring access to information as required by business processes, meeting legal and regulatory requirements, and conducting studies for continuous improvement.
  • Managing personal data and information assets, determining the security values, needs, and risks of assets, and developing and implementing controls for security risks.
  • Ensuring the continuity of the three fundamental elements of the Personal Data and Information Security Management System in all activities:
    • Confidentiality: Preventing unauthorized access to information and information assets,
    • Integrity: Demonstrating that the accuracy and integrity of information are maintained,
    • Availability: Demonstrating that authorized users can access information when necessary.
  • Defining the framework for the methods used to determine personal data, information assets, values, security needs, vulnerabilities, threats to assets, and the frequency of those threats.
  • Providing financial resources and personnel for the treatment of risks.
  • Continuously monitoring risks by reviewing technological expectations within the context of the service scope.
  • Fulfilling the requirements of national or international regulations, laws, and relevant legislation; meeting obligations arising from agreements; and meeting information security requirements stemming from corporate responsibilities toward internal and external stakeholders.
  • Reducing the impact of information security threats on service continuity and contributing to that continuity.
  • Preparing, maintaining, and testing business continuity plans.
  • Ensuring continuous improvement.

We commit to continuing to fulfill the requirements of these activities.