It covers the academic education, training activities and administrative activities of our university and the information assets related to these activities, and the relevant business processes within the scope of information security carried out in order to protect these assets. Our Information Security Management System ensures that our activities within its scope are carried out in accordance with the ISO 27001:2013 standard.
Our Information Security Management System Policy;
• Managing the Information Security Management System according to TS/ISO 27001:2013,
• In order to protect our information assets, taking the activities of storing, transmitting, changing, accessing and processing assets under control based on current best practices, ensuring that in-process controls are established with the principle of segregation of duties,
• To protect the availability, integrity and confidentiality of information,
• Implement physical security controls for assets stored in secure areas,
• Evaluating and managing the risks that may occur on information assets,
• To protect the reliability and reputation of our university,
• To apply the necessary sanctions in case of violation of information security,
• Ensuring the establishment of the necessary administrative structure, resources and infrastructure in order to report the violation of information security and to take actions as soon as possible,
• To meet the information security requirements arising from the national and international regulations to which it is subject, fulfilling the legal and relevant legislation requirements, meeting the obligations arising from the agreements, and corporate responsibilities towards internal and external stakeholders,
• To reduce the impact of information security threats on business / service continuity, to ensure business continuity and sustainability,
• Conducting audits and considering the results of these in management review meetings in order to monitor compliance and continuous improvement with the Information Security Management System,
• To announce this policy to all our employees and to provide the necessary resources and training for the implementation of the policy,
• To work continuously to raise awareness of all our stakeholders on Information Security,
• It undertakes to maintain and improve the level of information security with the established control infrastructure.
PLT.32 Information Security Policy - Release Date: 26.01.2022 - Rev: 00