Information Security Policy
Document No: PT-001 | Rev. No: 00 | Rev. Date: 25.10.2021
- Purpose
This policy is established to ensure the security of all information processing facilities and the supporting information assets within the scope of NART Insurance, as well as to define the management’s direction and support for the establishment, operation, maintenance, and continuous improvement of the Information Security Management System (ISMS).
- Scope
This policy applies to all personnel, information assets, information processing facilities, and relevant third parties within the units of NART Insurance that are included within its scope.
- Responsibility
- Document Preparation: ISMS Manager
- Document Approval: Senior Management
- Document Revision: ISMS Manager
- Document Implementation: All Employees
- Document Withdrawal: Senior Management
- Information and Information Security
Information, like other important assets of the organization, is an asset that holds value for the organization and must therefore be appropriately protected. Information security ensures the continuity of information, protecting it from threats and minimizing losses.
Information security is defined as the protection of the following attributes of organizational information:
- Confidentiality: Ensuring that information is accessible only to those who are authorized.
- Integrity: Ensuring the accuracy of the information and processing methods and preventing unauthorized modifications.
- Availability: Guaranteeing that authorized users have fast access to information and related resources when needed.
The Information Security Policy is a document that outlines the highest level of organizational principles created to meet the requirements for protecting the aforementioned information and information processing facilities.
The Information Security Policy, along with all documents prepared within the scope of information security, includes the principles that all personnel and relevant parties within the scope must adhere to.
- Information Security Policy
NART Insurance commits to ensuring the security of the information and information processing facilities used in the services provided and the defined areas of activity, managing risks by identifying any deliberate or accidental threats to information assets, and ensuring business continuity and uninterrupted service in terms of information technologies. Within the scope, it commits to:
- Ensuring the physical and environmental security of corporate IT systems.
- Protecting the confidentiality, integrity, and availability of personal data within authorized limits.
- Ensuring security in compliance with legal regulations, legislative provisions, and contractual obligations.
- Allocating resources, establishing, operating, reviewing, and continuously improving the Information Security Management System requirements.
- Ensuring that main activities and processes are conducted in accordance with the documentation prepared and approved under the Information Security Management System.
- Identifying and systematically managing risks related to information and information processing facilities.
- Planning and conducting training/programs to develop technical and behavioral competencies to raise awareness of information security.
- Establishing a dynamic structure to adapt to developments and changes in the field of information technology and enhancing communication with authorities/special interest groups.
- Framework for Information Security Objectives/Targets
Information Security Management System objectives have been established using the following resources:
Management Objectives:
- Fulfillment of Senior Management decisions: 100%
- Compliance with the Risk Treatment Plan: 100%
- Closure of non-conformity records on time: 100%
- Meeting improvement requirements within budget resources: 75%
- Timely execution of internal and external audits: 100%
- Timely conduct of management review meetings: 100%
Compliance Objectives:
- Fulfillment of legal/regulatory requirements: 100%
- Fulfillment of contractual requirements: 100%
- Timely conduct of supplier audits: 80%
Operational Objectives:
- Execution of Information Security, Business Continuity, and emergency drills: 100%
- Up-to-date inventory: Processing of assets into inventory within 10 days: 75%
- Compliance with backup and recovery plans: 100%
- Compliance with capacity targets: 100%
- Timely execution of grounding measurements: 100%
- Timely maintenance of lightning rods: 100%
- Timely maintenance of equipment: 100%
- Timely execution of penetration/technical vulnerability tests: 100%
- Closure of findings from penetration/technical vulnerability tests: 80%
| Related Documents | |
| Prepared by: MURAT AYDIN | Approved by: DENISE NART UNAL |