It is highly important for us, Tezmaksan, that legal conditions are satisfied in the fields of our activity, services are provided in a manner that needs and expectation of our customers, suppliers and 3rd parties are met, services offered in a quality, fast and secure way are accessed, employees of our company reach information assets in a complete, accurate and uninterrupted way.
Tezmaksan has allowed an Information Security Management System (ISMS) to be established in accordance with ISO/IEC 27001:2013 standard to protect information of itself, its customers and 3rd parties.
The purpose of the establishment of an Information Security Management System is to: Evaluate information within the scope of confidentiality, integrity and accessibility and protect it from all internal and/or external intentional or accidental threats, and ensure that all activities are maintained in an effective, accurate, fast and secure way.
Information security is a corporate responsibility and in line with our corporate targets. Necessary roles have been defined, responsibilities have been determined and people in charge have been appointed to allow information security processes to be maintained properly. Such responsibilities cover especially all units using the information technologies infrastructure, users accessing information systems as third parties and suppliers providing technical support to information systems.
The establishment of ISMS at our company aims at determining and evaluating all possible risks in all fields within the scope, reducing such risks to acceptable levels by matching with controls compliant with the standard, and ISMS is allowed to be active within the corporation by implementing the risk assessment procedure. System infrastructures necessary to Protect Personal Data are established and studies to reach security measures to appropriate levels and improve them constantly are supported.
Within this context, our company undertakes to fulfill the requirement of the standard and legal conditions, activate all applicable controls and, additionally; improve the Information Security Management System regularly with new areas of practice and advancing technology annually.