Information Security Policy
Insurance Information and Monitoring Center (SBM) is aware of the fact that that information assets are very significant for the business processes and functions; and aims to:
- Ensure the confidentiality, integrity, accessibility, continuity and control of the information assets.
- Prevention of the unauthorized access and disclosure of the information stored and processed in the information systems of Insurance Information and Monitoring Center
- Ensure the limitation of the risk exposures to arise from the loss, corruption or abuse of the information assets and compliance with the respective laws and the regulations.
- Protecting the information assets against any internal and external threats knowingly or unknowingly, to prevent deletion or alteration of the information assets.
- To meet the applicable requirements for the information security.
The Information Security Policy applies for the persons who have an access in to the information systems or who are using these systems of Insurance Information and Monitoring Center (Employees, system administrators or executives, users, auditors, contracted employees, suppliers, third parties i.e. all the real persons and legal entities whether authorized for such accesses/uses or not).
SBM is established the mechanisms to ensure that the following requirements are fulfilled:
- Documented, certified and continually improved of the information security management systems to meet the requirements of the ISO / IEC 27001 standards by ensuring the efficient and safe operations,
- Information Security policies and all the responsibilities are subject to the periodical reviews and the approval mechanisms,
- Comply with all the legal regulations and the agreements related to the information security,
- Periodical assessment of the threats related to the information assets,
- Identification, detection, evaluation and periodical controls of the risks related to the information assets,
- Systematically managing the risks related to the information assets,
- Ensuring the confidentiality and integrity of the stakeholders' under the Information Security Management System,
- Supporting the works that will raise the awareness of the information security.
Within the scope of the Information Security Policy; the security control process is evaluated and approved for the compliance to ensure that the security risks arising from the information systems are adequately manage.