The main theme of the Information Security Management System is within the scope of "Information Security Activities"; to demonstrate that information security management is provided for employees, customers, infrastructures, software, hardware, organizational private/public information, third-party data and financial resources, to ensure risk management, to measure information security management process performance and to regulate relations with third parties on information security-related issues.
Managing information assets, determining the security scores, needs and risks of assets, developing and implementing controls for security risks.
To define the framework that will determine the methods for detecting threats targeting information assets, tracking security scores, vulnerabilities.
Define a framework for assessing the confidentiality, integrity, accessibility effects of threats on assets.
To set out the working principles for handling risks.
To monitor the risks continuously by reviewing the technological expectations in the context of the scope of service.
To meet the information security requirements arising from the national or international regulations to which it is subject, fulfilling the legal and relevant legislation requirements, meeting the obligations arising from the agreements, and corporate responsibilities towards internal and external stakeholders.
To reduce the impact of information security threats on service continuity and to contribute to continuity.
To have the competence to respond quickly to information security incidents that may occur and to minimize the impact of the incident.
To maintain and improve the level of information security over time with a cost-effective control infrastructure.
To improve corporate reputation, to protect from negative effects based on information security.
To ensure the continuity of the Information Security Management System.
Continuously improving the Information Security Management System.