INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) POLICY

The main focus of the TS EN ISO 27001 Information Security Management System (ISMS) is to demonstrate that information security management is ensured for people, infrastructure, software, hardware, student information, organizational information, personnel information, third-party information, and financial resources. It aims to secure risk management, measure the performance of the information security management processes, and regulate the relationships with third parties on information security issues.

In this regard, the objective of our ISMS Policy is to:

• Protect information assets from any potential threats, whether internal or external, intentional or unintentional, and ensure the availability of information in line with business processes, while complying with legal requirements.

• Ensure the continuity of the three fundamental elements of the Information Security Management System in all activities:

  • Confidentiality: Prevent unauthorized access to sensitive information.
  • Integrity: Demonstrate the accuracy and integrity of information.
  • Availability: Ensure that authorized individuals have access to information when necessary.

• Secure not only electronic data but also all information in written, printed, verbal, or similar formats.

• Raise awareness by providing Information Security Management training to all personnel.

• Report any actual or suspected vulnerabilities in information security to the ISMS team, and ensure that they are investigated by the ISMS Coordinator.

• Prepare, maintain, and test business continuity plans.

• Conduct periodic evaluations on information security, identify existing risks, and review action plans to address these risks, ensuring their follow-up.

• Prevent any conflicts of interest or disputes arising from contracts.

• Meet business requirements for information accessibility and information systems.

Click here for the document.