Login
English Türkçe
CALCULATE YOUR SAVINGS

Information Security Management System Policy

Information Security Management System Policy

ISO 27001:2022 Information Security, Cybersecurity, and Protection of Personal Privacy - The main focus of information security management systems at Optiyol is to demonstrate the management of information security within the organization. This includes human resources, infrastructure, software, hardware, user information, organizational information, information belonging to third parties, and financial resources. The objectives are to identify risks and opportunities, ensure the safeguarding of risk management, measure the performance of the information security management process, and regulate relationships with third parties concerning information security.

In this context, the purpose of our Information Security Management System (ISMS) Policy is:

  • To protect Optiyol's information assets against any potential threats, whether intentional or unintentional, from inside or outside, ensure the accessibility of information in line with business processes as needed, comply with legal and regulatory requirements, and conduct continuous improvement efforts.
  • Ensuring the continuity of the three fundamental elements of the information security management system in all conducted activities:

 

Confidentiality: Prevent unauthorized access to sensitive information,

Integrity: Demonstrate the accuracy and integrity of information,

Accessibility: Demonstrate that authorized personnel can access information when needed,

  • Address the security of all data, not only electronically stored data but also data in written, printed, verbal, and similar formats,
  • Raise awareness by providing information security management training to all personnel,
  • Report any actual or suspected vulnerabilities in information security to the ISMS Team and ensure investigation by the ISMS team,
  • Prepare, maintain, and test business continuity plans,
  • Periodically assess information security by identifying existing risks; review and follow up on action plans based on the assessment results,
  • Work to increase the satisfaction of internal and external parties,
  • Prevent any disputes and conflicts of interest that may arise from contracts,
  • Meet the business requirements for accessibility to information and information systems.

 

Doküman No - Document No: BGYS.POL.01

Rev. No/ Tarih - Rev. No / Date: 00 / 01.12.2023

Yayın Tarih-Release date  01.12.2023