Bilgi Birikim Sistemleri Elek. Bil. End. Müh. Hiz. Ltd. Şti., operating at the address of Yeni Sahra Mahallesi Fatih caddesi No: 8 İSTANBUL / TURKEY, operates in the information technology industry. BBS management has committed to protect privacy, integrity and all physical and electronic information assets across the enterprise to preserve the company's competitive edge, profitability, legal compliance and commercial image. Information and information security requirements will be in line with institutional objectives, and ISMS will be a mechanism to reduce information-related risks to acceptable levels and to share information.
The BBS's existing strategic business plan and risk management framework serves to identify, determine, assess and control the risks involved in establishing and maintaining the ISMS. Risk assessment, applicability statement and the risk response plan explains how information-related risks are controlled. The Information Security Manager and the IT Manager are responsible for managing and conducting the risk response plan. Additional risk assessments may be conducted, if necessary, to determine appropriate controls for specific risks.
In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control systems, and information security breach notification are essential for this policy. Control targets for each of these areas are contained in the handbook and are supported by specific, documented policies and procedures.
It is expected that all BBS employees and certain external parties identified in the ISMS will comply with this policy and the ISMS implementing this policy.
ISMS is subject to continuous and systematic evaluation and development.
The BBS has created an information security committee, led by senior management, that includes the Information Security Manager and other administrators to support the framework of ISMS and periodically monitor security policy.
The BBS has its own ISMS, with ISO 27001-2013 standard.
This policy will be audited at least once a year to respond to changes in the risk assessment or risk response plan