Information Security Policy

As NEGZEL Teknoloji A.Ş., in the context of establishing the Information Security Management System (ISMS) related to the processes at the stages of providing services;

  • To establish a risk management methodology that includes identifying information assets, determining risks, and taking control measures related to those risks in order to comply with the principles of confidentiality, integrity, and availability of information, which are the requirements of the Information Security Management System, for our institution, employees, stakeholders, and suppliers,
  • To continuously improve our service quality within the scope of the activities of the Information Technologies Unit,
  • To provide the necessary resources and maintain continuity for hardware, software, training, and other controls required to reduce information security risks,
  • To implement necessary sanctions in case of information security violations,
  • To protect the confidentiality of the information belonging to our employees and all stakeholders, to comply with the national, international, or sectoral regulations to which it is subject, to fulfill legal and related regulatory requirements, to meet the obligations arising from agreements, and to ensure the information security requirements stemming from institutional responsibilities towards internal and external stakeholders,
  • To raise awareness, provide training, and incentivize all employees and business partners to participate in and comply with ISMS processes in ensuring information security,
  • To increase institutional awareness about information with different levels of sensitivity in terms of confidentiality,
  • To define rules for the collection, processing, transfer, protection, and secure destruction of personal data of employees, customers, visitors, suppliers, business partners, and other relevant third parties within the scope of the Personal Data Protection Law No. 6698 (KVKK) and other relevant legislation, and to fulfill all responsibilities of the Data Controller,
  • To protect information according to the classes we have determined by applying logical, physical, and administrative controls,
  • To minimize the impact on climate change by preferring technologies that are sensitive to climate change, clean, and healthy, and to ensure that a clean and healthy environment is passed on to future generations,
  • To control, monitor, review, and continuously improve the efficiency of ISMS through internal and external audits, and to ensure that the system remains compliant at all times.