In this policy, Information Security is defined as the protection of the following features of the information assets of the institution:
a) Confidentiality: The information is accessible only by authorized persons,
b) Integrity: Protection of information from unauthorized changes and being aware of when it is changed,
c) Usability: Availability of information by authorized users when needed.
This policy covers all units using the IT infrastructure of the institution, users accessing information systems as third parties, and service, software or hardware providers that provide technical support to information systems.
Institution management:
To protect the credibility of the institution and the image of the authority it represents,
Ensuring compliance specified in contracts with third parties,
It aims to ensure the information security of all physical and electronic information assets used in the realization of corporate information services in order to ensure that the basic and supporting business activities of the institution continue with minimum interruption.
The organization's risk management framework covers the identification, assessment, and processing of information security risks. The risk assessment, feasibility statement and risk treatment plan define how information security risks are controlled. Management is responsible for the realization of this plan.
As the management of the institution, we declare that the implementation and control of the Information Security Policy and the enforcement of the necessary sanctions in case of security violations are supported by the management.
General manager
Cengiz KARATAŞ