Information Security Policy

Our company’s Information Security Policy aligns with the mission, vision, and policies expressed in the Quality Management System, and is implemented through the method of RISK MANAGEMENT CONSULTANCY AND SOFTWARE DEVELOPMENT SERVICES in FINANCE, ACCOUNTING, AND TAX ISSUES.

Information security involves activities aimed at preserving the confidentiality, integrity, and availability of the information produced, prepared, and for which the company is responsible to its stakeholders. These activities should ensure the protection of information in terms of other attributes such as accuracy, explicability, non-repudiation, and reliability.

The services to which our company is committed through its information security policy include:

• Continuity of information processing services will be provided independently of individuals, under a corporate umbrella, within the scope and limits of ISMS (“Information Security Management System”).
• Configuration of network setups requiring high knowledge and experience will be provided within the scope and limits of ISMS.
• Operational and technical support services necessary for the continuous operation of existing networks in organizations will be provided within the scope and limits of ISMS.
• Operator services in routine tasks based on information technology infrastructure/hardware/software systems and ensuring data security will be included within the scope and limits of ISMS.
• Meeting the high-level expectations of our customers and the organizations we serve under contract, enhancing information processing capabilities, keeping them informed about technological developments, and assisting them in reaching activity/process/performance goals will be sustained within the scope and limits of ISMS.
• Recognizing that all confidential/commercial/private information processed in all information technology systems where we provide services within the scope and limits of ISMS is the confidentiality of our customer, the customer’s information cannot be obtained without the knowledge/approval of the customer in any place/person/company/organization, ensuring unavailability in compliance with the conditions of Privacy/Integrity/Availability.
• The ISMS policy, while staying within the scope and limits of ISMS, will comply with legal and regulatory requirements, taking into account obligations or dependencies of third parties arising from contracts.

Our company establishes the necessary control mechanisms for the implementation of information security activities. A draft study has been initiated to determine control objectives, conduct controls, and ensure their continuity. In this study, a risk management and risk control structure has been established to which the controls will be linked.

Our company, particularly engaged in activities related to service requests based on external resource utilization, is obligated to guarantee that the most crucial asset of the organizations receiving services from it, namely their information, is not used by third parties, whether for good or bad intentions. Compliance with laws and relevant legislation rules mandatory for the highest executive structure in the areas where the institution operates, as required by specifications and contract provisions, emerges as a fundamental requirement.

To meet these requirements, adjustments will be made both in terms of hardware and software, and awareness-raising, training, and exercises for all our personnel will be conducted to enhance awareness and compliance.

Another dimension of information security is ensuring business continuity management. Therefore, necessary backup structures will be provided to eliminate any disruptions in the areas under our company’s responsibility in any business continuity structure.

In the documentation established to support our information security policy, which is part of the ISMS

Rules to be followed

Processes

Procedures

Controls

are included.