INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

​​​​The primary objective of the TS EN ISO 27001:2013 Information Security Management System (ISMS) is to ensure that information security is maintained within the Presidency of the Republic of Türkiye Investment Office IT services with respect to managing risks related to human resources, infrastructure, software, hardware, client information, organizational information, third-party information, and financial resources. The ISMS further aims to measure the performance of the information security management process and regulate relations with third parties regarding information security.

Accordingly, the purpose of the ISMS Policy is to; 

  • Protect the information assets of the Presidency of the Republic of Türkiye Investment Office against any kind of intentional or unintentional threats from internal or external sources, ensure the availability, integrity, and confidentiality of information as required through business processes, and comply with legislative requirements and engage in activities that promote continual improvement.
  • Maintain the continuity of the following three ISMS fundamentals in all activities carried out by the Republic of Türkiye Investment Office:
    • Confidentiality: Preventing unauthorized access to critical information.
    • Integrity: Maintaining the accuracy and integrity of information.
    • Availability: Ensuring that authorized people have access to information when required.
  • Address the security of all data, regardless of format, including written, printed, verbal, and similar formats, in addition to electronically stored data.
  • Raise awareness by providing all personnel with Information Security Management training.
  • Report any existing or suspected vulnerabilities in the scope of Information Security Management to the ISMS team for investigation.
  • Develop, maintain, and test business continuity plans.
  • Conduct periodic Information Security Management evaluations to identify existing risks. Review and monitor action plans following evaluations.
  • Prevent any disputes or conflicts of interest that may arise from contracts.
  • Ensure that business requirements for information availability and information systems are met.