INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

Birlesik Odeme Hizmetleri ve Elektronik Para A.S. serves as the alternative distribution channel of the entities and organizations, to which we serve as based on the mission and vision we have adopted as the management of Birlesik Odeme Hizmetleri ve Elektronik Para A.S. Our services;

  • shall be maintained within the scope and boundaries of the ISMS for the purpose of satisfying the expectations of our customers as well as the entities / organizations, to which we serve as based on an agreement, at the highest level, and enhancing their information processing capabilities and providing them with assistance for achieving their operational / process / performance goals by informing them about the technological developments.
  • By regarding that any and all kinds of confidential / commercial / proprietary information, which is processed at any and all information technologies systems to which we serve within the scope and boundaries of the ISMS, is proprietary information of the customers of the organizations / entities to which we serve, it shall be ensured that such information cannot be acquired and/or accessed at any location / person / entity, unless the respective customer of such is informed and/or the consent of the respective customer is obtained, as based on the compliance with the requirements for Confidentiality / Integrity / Availability.
  • Provided that it shall remain within the scope and boundaries of the ISMS, the ISMS policy shall observe and comply with the statutory and regulatory requirements, and it shall take into account the obligations or commitments which arise from the agreements or which are of any third party whatsoever.
    Birlesik Odeme Hizmetleri Ve Elektronik Para A.S. hereby declares that it shall demonstrate its commitment to the establishment, materialization, operation, monitoring, reviewing, maintenance and improvement of the Information Security Management System (ISMS) within the framework as described herein above, by putting into practice the following;
  • ISMS objectives shall be defined and the plans thereto shall be drawn up;. • Risk analysis shall be performed, and the risk assessments and risk criteria shall be produced as based on the results of such analysis, and the risk management shall be ensured accordingly.
  • The materiality of meeting the information security objectives and compliance with the information security policies as well as the liabilities towards the law and the requirement for continuous improvement shall be defined.
  • Sufficient resources for the purpose of establishing, materializing, operating, monitoring, reviewing, maintaining and improving the ISMS (financial, human resources, equipment, software, consulting, training, etc.) shall be provided.
  • The activities as required for determining the criteria for risk acceptance and also the acceptable risk levels shall be organized and managed.
  • The ISMS Policy shall be reviewed at least for once a year, and revisions shall be made if and when deemed so required, and such revisions shall be announced to the related parties. The management of Birlesik Odeme Hizmetleri ve Elektronik Para A.S. shall promote that the "Information Security Management System Policy" is implemented and checked, and also that the required sanctions are enforced in case of any security breach. Irrespective of the geographical location or business unit, the Information Security policies of Birlesik Odeme Hizmetleri ve Elektronik Para A.S. shall apply to and be mandatory for all staff members, who serve either on full-time or part-time or permanent or contract basis and who make use of the information or business systems of Birlesik Odeme Hizmetleri ve Elektronik Para A.S. It is required that any and all persons such as the third party service providers which do not fall under the scope of such categorization and which need to access to the information of Birlesik Odeme Hizmetleri ve Elektronik Para A.S., and also the support staff of such service providers, observe and comply with the general principles hereunder as well as such other security liabilities and obligations that are required to be observed and complied with by them.

REVISIONS MADE ON THE DOCUMENT

DESCRIPTION ITEM NUMBER DATE UPDATED BY
The document has been reviewed. 27.12.2022 Haluk Serkan Akman
Bilgi Güvenliği Politikasına ulaşmak için bağlantıya tıklayınız.
Download

Information Security Management System Policy

whatsapp-icon