KVKK Policy

K.V.K.K. POLICY
Information Security Management System Policy

The main theme of TS EN ISO 27001:2013 Information Security Management System, Personal Data Protection Authority: to show that information security management is provided within human, infrastructure, software, hardware, user information, organizational information, third party information and financial resources; to ensure risk management, to measure information security management process performance and to regulate relations with third parties on information security-related issues.

In this direction, B.G.Y.S. Purpose of our policy:

» To protect the information assets of the Personal Data Protection Authority against all kinds of threats that may occur knowingly or unknowingly, from inside or outside, to ensure accessibility to information as necessary through business processes, to meet legal requirements, to work towards continuous improvement,

» To ensure the continuity of the three basic elements of the Information Security Management System in all activities carried out:

Confidentiality: Preventing unauthorized access to important information,
Integrity: Demonstrating that the accuracy and integrity of the information is provided,

Accessibility: Demonstrating the accessibility of information when necessary, by those with authority,

» Dealing with the security of all data in written, printed, oral and similar media; to deal with the security of data kept in electronic environment,

» To raise awareness by giving Information Security Management trainings to all employees,

» All existing or suspicious vulnerabilities in information security, to be reported to the B.G.Y.S. team and to ensure that it is investigated by the B.G.Y.S. team,

» Preparing, maintaining and testing business continuity plans,

» To determine the existing risks by making periodic evaluations on information security, and accordingly to the results, to review and follow the action plans,

» To prevent all kinds of disputes and conflicts of interest that may arise from contracts,

» To meet business requirements for information accessibility and information systems.

» Any person who uses information assets and resources or provides information is obliged to protect information assets.

» All employees who use common information assets are expected to show the necessary sensitivity and act by considering other colleagues, employees of the institution and corporate values.

» Confidentiality is given importance as a requirement of corporate values, and all personal information is protected by systems with the highest security standards. Information is not shared unless the owner of the information requests it, is authorized or legal requirements are met.

» Among the information assets and resources, the most critical is the information assets that need to be carefully protected, kept confidential, and accessed when needed, and the system room that houses these assets.

» Information security is possible not only by ensuring the confidentiality of information, but also by ensuring its integrity and usability. The requirement of confidentiality of information means only granting access to required information assets within authorization. Integrity of information requires ensuring the completeness and accuracy of all information assets. Availability of information means that information assets are available and usable when needed.

» The complexity and multiplicity of the needs related to the use, location and protection of information necessitate the definition of comprehensive and broad information security processes and policies.

Hope to hear from you soon,
Kind regards…