The central theme of the "ISO 27001:2013 Information Security Management System" is to ensure the realization of support, classification, incentive, registration, audit, monitoring, and archive activities for the sector that the organization serves. These activities demonstrate that information security management is provided in people, infrastructure, software, hardware, citizen information, organizational information, third-party information, and financial resources to ensure risk management, measure the performance of information security management, and evaluate information security. It covers the regulation of relations with third parties on related matters.
In this direction, the purpose of our ISMS Policy:
- Managing information assets, determining the security values, needs, and risks of investments, developing and implementing controls for security risks,
- To define the framework that will determine the methods for determining information assets, values, security needs, vulnerabilities, threats to support, and frequency of threats,
- Threats: Define a framework for assessing the effects of confidentiality, integrity, and accessibility on assets,
- To reveal the working principles for the processing of risks, to monitor the risks continuously by reviewing the technological expectations in the context of the scope of service,
- To meet the information security requirements arising from the national or international regulations to which it is subject, fulfilling the legal and relevant legislation criteria, meeting the obligations arising from the agreements, and corporate responsibilities towards internal and external stakeholders,
- To reduce the impact of information security threats on service continuity and to contribute to continuity,
- To have the competence to respond quickly to information security incidents that may occur and to minimize the impact of the incident,
- To protect and improve the level of information security over time with an optimum cost control infrastructure,
- To improve the institution's reputation and increase the personnel's awareness regarding the ISMS.