Information Security Policy

Security

Policy

SabancıDx accepts corporate information as a very valuable asset. Loss, disruption, disclosure or theft of this information and the supportive business systems holding them in a way that may harm Sabancı Dijital Teknoloji Hizmetleri A.Ş. may have a significant impact on the integrity and reputation of corporate operations. Thus, SabancıDx employees are required to be familiar with the Information Security principles.

Information security ensures the protection of the following qualities of information assets:

Confidentiality: Ensuring the information to be accessible only by the authorized individuals
Integrity: Protecting the information against unauthorized changes and realizing any such change
Availability / Accessibility Enabling the information to be usable by the authorized users upon need

SabancıDx applies ISO 27001 Information Security Management System, embracing the following goals:

Protecting the reliability and represented image of the company,
Ensuring continuity of main and supportive business operations of the company with minimum interruption,
Ensuring adaptation to the laws, legislations and contracts signed with third parties,
Improving and maintaining the Information Security Management System constantly to manage risks effectively.

SabancıDx policies and procedures are valid for all part/full time SabancıDx employees, SabancıDx employees holding contracts with limited/limitless durations, interns and third party service providers using SabancıDx information and/or SabancıDx information systems regardless of their geographical locations or divisions.

Users of SabancıDx information and/or SabancıDx information systems infrastructure are obliged to

Learn and abide by the Information Security Policy, the principles on the protection of confidential information stated in Business Ethics, and other respective policies and documents,
Ensure the confidentiality, integrity and accessibility of corporate information in personal and electronic communications,
Take the precautions defined based on risk levels,
Report information security violations and take precautions to prevent such violations,
Abstain from forwarding internal information sources (announcements, documents etc.) to unauthorized 3rd parties,
Abstain from using corporate information systems infrastructure for purposes against the legislation,
Protect the confidentiality, integrity and availability of information belonging to SabancıDx customers, business partners, suppliers or other third parties.