Information Security Policy

- Managing information assets, determining the security values, needs and risks of assets, developing and implementing controls for security risks.

- Define the framework for identifying information assets, values, security needs, vulnerabilities, threats to assets, methods for determining the frequency of threats.

- Define a framework for assessing the confidentiality, integrity, availability impacts of threats on assets.

- To set out the working principles for the processing of risks, to continuously monitor risks by reviewing technological expectations in the context of the scope served.

- To ensure the information security requirements arising from national or international regulations to which it is subject, fulfilling the requirements of legal and relevant legislation, meeting its obligations arising from agreements, and corporate responsibilities towards internal and external stakeholders.

- Reducing the impact of information security threats to service continuity and contributing to continuity.

- To have the competence to quickly intervene in information security incidents that may occur and to minimize the impact of the incident.

- Maintain and improve the level of information security over time with a cost-optimized control infrastructure.

- Kurum itibarını geliştirmek ve BGYS ile ilgili olarak personelin bilinç düzeyini arttırmak.

- To determine and implement traceability requirements and ensure that internal and external audits are carried out regularly.