In line with our basic service area, it is our INFORMATION SECURITY policy to effectively manage all kinds of risks to business continuity and information assets, to preserve information and to create, implement and continuously improve a management system in accordance with the Information Security standard, relevant legal and customer conditions and requirements . It is of great importance to maintain the business continuity of our organization. The following items are also covered by our information security policy.

  1. All information assets and other assets must be identified. If there is an unidentified entity, the ISMS Representative must be notified immediately.
  2. All information used or produced must be classified according to information classification criteria. If there is unclassified information, the ISMS Representative should be notified immediately.
  3. Confidentiality of the information produced and/or used should be guaranteed in all cases, taking into account the information classification criteria.
  4. In order to make information security sustainable, BG Risk Management System should be implemented to cover all assets, and subsequent decisions (risk monitoring, risk reduction, risk transfer, risk avoidance, risk acceptance) should be strictly implemented.
  5. Any changes in infrastructure, organization or processes that affect Information Security risks should be monitored and necessary risk review activities should be carried out.
  6. Access to information and the activities that can be done with the accessed information are described in the documents under the title of access management. All employees are required to work in accordance with the principles set forth herein.
  7. Business continuity management will be implemented in order to protect critical business processes from the effects of major disasters and operating errors. Trainings that will increase the information security awareness of the personnel and encourage them to contribute to the operation of the system will be provided to the employees of the institution and new employees on a regular basis.
  8. All actual or suspected breaches of information security should be reported. nonconformities causing violations should be identified and necessary corrective and corrective actions should be implemented.
  9. In work areas, in accordance with the “Clean Screen/Clean Desk Policy”, precautions should be taken so that information other than non-classified information is not allowed to be seen by others.
  10. Burda Bebek employees must act in accordance with the rules regarding encryption in all information systems they use.
  11. Network and Internet systems Network and Internet systems should be used in accordance with the usage documents.
  12. While working with third parties (contractor, supplier, customer, etc.), attention should be paid to information security within the framework of the relevant rules. .
  13. Burda Bebek employees will be informed in all activities according to the “need-to-know” principle.
  14. Information processing assets should be used to ensure the highest level of information security, and in case of non-compliance, contact should be made.
  15. All ISMS is created, maintained, monitored and measures are taken when necessary in accordance with the requirements of the Standard.