Privacy and Information Security Policy

1. Purpose

This policy aims to establish rules, principles, and policies to ensure the confidentiality, integrity, and availability of information systems related to activities, taking into account internationally accepted standards and best practices. Information technology, like other essential assets, is vital for an organization's operations and must be appropriately protected. The security of information assets is ensured through policies defined by the company. The objectives of information security are as follows: to prevent unauthorized access to information (Confidentiality), to ensure that information and information assets are complete, accurate, and not improperly altered (Integrity), and to allow authorized users to access the required data whenever they need it (Availability).

2. Implementation

Information security can only be achieved by ensuring not only the confidentiality of information assets but also their integrity and availability.

SoftGlobal is committed to the continuous improvement of its information security management system. The establishment of the information security policy, the definition of security roles, and the implementation of relevant updates are carried out with the support of senior management and the coordination of all departments.

SoftGlobal Information Security Policy

  • Ensuring the security of customer data,

  • Providing the necessary infrastructure to maintain service continuity,

  • Implementing physical security measures proportionate to the value of the information,

  • Granting appropriate access rights and preventing unauthorized access,

  • Detecting and responding to information security incidents in a timely manner,

  • Ensuring the security of developed and procured software and applications,

  • Conducting regular risk assessments in line with the risk management approach,

  • Providing protection against malicious code,

  • Documenting and keeping operational procedures up-to-date,

  • Protecting customer communication content and traffic data against unauthorized access,

  • Managing information assets, determining their security values, needs, and risks, and developing and implementing controls for security risks,

  • Reducing the impact of information security threats on service continuity and contributing to sustainability,

  • Meeting the information security requirements stemming from industry regulations and contractual obligations with business partners,

  • Providing information security awareness training,

  • Ensuring compliance with legislation.

ISMS Supplier Awareness Declaration

On-Site Service Providers:

  • Third-party personnel must present their identification to the reception staff when entering SoftGlobal premises and sign to receive a visitor card.

  • Third-party personnel must visibly display their visitor card at all times.

  • Third-party personnel working for a specific duration are granted access rights for the duration of their work with the approval of the respective department authority.

  • Third-party personnel must not be present in areas where they have no access rights.

  • Third-party personnel must not enter secure areas without accompaniment.

  • Third-party personnel must not take photographs or record videos.

  • Third-party personnel must not discuss SoftGlobal’s corporate and commercial information in public areas.

  • Third-party personnel must not use SoftGlobal resources to download any information, documents, and/or works that fall under Copyright Law No. 5846 or violate intellectual property rights.

  • Third-party personnel must not engage in any illegal activities online, or conduct positive or negative propaganda/comments about any political party or ideology, using SoftGlobal’s resources.

  • Third-party personnel must not leave portable devices containing SoftGlobal information assets (e.g., laptops, mobile phones, handheld computers) unattended or in unlocked environments.

  • Third-party personnel must take precautions to ensure that screens displaying SoftGlobal information assets are not visible to unauthorized persons (e.g., by using screen locks).

  • Third-party personnel must not leave SoftGlobal-related information or documents in workspaces, meeting rooms, training rooms, or offices.

  • Third-party personnel must report information security incidents related to the Information Security Management System (ISMS) to the Information Security Officer or the accompanying SoftGlobal personnel for escalation to the appropriate authority.

Remote Service Providers:

  • Third-party personnel must store all SoftGlobal-related information in restricted environments accessible only to authorized personnel.

  • Third-party personnel accessing SoftGlobal systems remotely (e.g., via VPN) must do so using the methods and permissions defined by SoftGlobal.

  • In the event of termination of personnel with access to SoftGlobal systems/information assets, third-party personnel must notify SoftGlobal immediately.

  • If third-party personnel store SoftGlobal systems/information assets at their own location, they must inform SoftGlobal of any facility or site-related changes.

  • Third-party personnel must report any ISMS-related violations to the Information Security Officer.