It covers the academic education, training activities and administrative activities of our university and the information assets related to these activities and the relevant business processes within the scope of information security carried out in order to protect these assets. Our Information Security Management System guarantees that our activities within its scope are carried out in accordance with the ISO 27001: 2022 standard.
Our Information Security Management System Policy;
· To manage the Information Security Management System according to TS/ISO 27001:2022,
· To protect our information assets, to control the activities of storing, transmitting, modifying, accessing, and processing assets based on current best practices, and to ensure that process controls are established with the principle of segregation of duties,
· To protect the availability, integrity, and confidentiality of information,
· Implementing physical security controls for assets stored in secure areas,
· Evaluating and managing the risks that may arise on information assets,
· To maintain the reliability and reputation of our university,
· To implement the necessary sanctions deemed appropriate in the event of a breach of information security,
· To ensure the establishment of the necessary administrative structure, resources, and infrastructure for reporting information security breaches and taking actions as soon as possible,
· To fulfill the requirements of national and international regulations, legal and relevant legislation, to meet the obligations arising from agreements, and to ensure information security requirements stemming from corporate responsibilities towards internal and external stakeholders,
· Reducing the impact of information security threats on business/service continuity, ensuring the continuity and sustainability of the business,
· To ensure compliance with the Information Security Management System and continuous improvement, to conduct audits and consider their results in management review meetings,
· To announce this policy to all our employees and to provide the necessary resources and training for its implementation,
· Continuously working to raise awareness among all our stakeholders regarding Information Security,
· It commits to maintaining and improving the level of information security with the established control infrastructure.
PLT.32 Information Security Policy - Publication Date: 26.01.2022 - Rev: 01 - 25.11.2024