SabancıDx considers corporate information as a very valuable
asset. Loss, disruption, disclosure to third parties or theft of
information and the supportive business systems hosting the
information in a way that may harm Sabancı Dijital Teknoloji
Hizmetleri A.Ş. may have a significant impact on the integrity and
reputation of corporate operations. Therefore, all SabancıDx
employees are required to be familiar with the Information
Security principles.
Information security ensures the protection of the following
qualities of information assets:
-
Confidentiality: Ensuring the information to be accessible only
by the authorized individuals,
-
Integrity: Protecting the information against unauthorized
modification and realizing such modifications,
-
Availability / Access Enabling the information to be available
by the authorized users upon need.
SabancıDx applies ISO 27001 Information Security Management
System, embracing the following goals:
-
Protecting the reliability and represented image of the company,
-
Ensuring continuity of main and supportive business operations
of the company with minimum interruption,
-
Ensuring compliance with the laws, legislations and the
contracts signed with the third parties,
-
Improving and maintaining the Information Security Management
System constantly to manage risks effectively.
The policies and procedures of SabancıDx apply to all part
time/full time SabancıDx employees, all SabancıDx employees with
fixed term/permanent contracts, interns and third party service
providers using SabancıDx information and/or SabancıDx information
systems infrastructure, regardless of their geographical locations
or divisions.
Users of SabancıDx information and/or SabancıDx information
systems infrastructure are obliged to
-
Learn and abide by the Information Security Policy, the
principles on the protection of confidential information stated
in Business Conduct, and other respective policies and
documents,
-
Ensure the confidentiality, integrity and access of corporate
information in personal and electronic communications,
- Take the precautions defined based on risk levels,
-
Report information security violations and take precautions to
prevent such violations,
-
Abstain from conveying internal information sources
(announcements, documents etc.) to unauthorized 3rd parties,
-
Abstain from using corporate information systems infrastructure
for purposes against the legislation,
-
Protect the confidentiality, integrity, availability and access
of information belonging to SabancıDx customers, business
partners, suppliers or other third parties.