Information Security Management Policy

Information Security Management Policy

The main idea of TS EN ISO 27001: 2013 Information Security Management System; ArdGrup IT Software Services demonstrates that human, infrastructure, software, hardware, customer information, organizational information, third party information and information security management for financial reporting are provided to implement risk management and analyse information security management, process assessment and information security.

Accordingly, the purpose of our ISMS Policy is

  • To protect Ard Group IT information assets against any internal or external threats that may occur,to provide access to information through business processes when necessary
    to meet the requirements of legal regulations, to ensure that in all tasksthe three basic elements of the Information Security Management System are always carried out,
  • To consistently carry out the three basic elements of the Information Security Management System:
    • Confidentiality: Preventing unauthorized access to important information,
    • Integrity: Demonstration of accuracy and integrity of information,
    • Accessibility: Demonstration of the accessibility of information to the authorized persons when necessary,
  • To take care of the security of not only data held in electronic media butof all data in written, printed, oral and similar media.
  • To raise awareness by training staff in Information Security Management
  • To report anyinadequacy in the field of Information Securityto the ISMS Team and to ensure that the ISMS Coordinator investigates it
  • To prepare, maintain and test business continuity plans.
  • To identify existing risks by periodically evaluating Information Security and to review and follow up on the action that is taken as a result of the evaluations
  • To prevent any conflicts and conflicts of interest that may arise from the contracts.
  • To meet business requirements for information accessibility and information systems.