The main theme of the TS EN ISO 27001:2013 Information Security Management System is to demonstrate that information security management is ensured for SETABAYT's human resources, infrastructure, software, hardware, user information, institutional information, third-party information and financial resources; to ensure risk management; to measure information security management process performance and to regulate relations with third parties on information security issues.

In this regard, the objectives of our Information Security Policy are:

• To ensure the continuity of the three main elements of the Information Security Management System in all activities carried out:
  • Confidentiality: Prevention of unauthorized access to important information,
  • Integrity: Demonstration that the accuracy and integrity of information is ensured,
  • Availability: Demonstration that authorized persons can access information when necessary,
• To protect Setabayt Information and Technology Services Inc. information assets against all kinds of threats that may occur intentionally or unintentionally from inside or outside, to ensure accessibility to information in accordance with business processes, to meet legal requirements, to carry out continuous improvement studies,
• To deal with the security of all data, not only data held in electronic environment; but also written, printed, verbal and similar data,
• To raise awareness by providing Information Security awareness training to all personnel,
• To report all real or suspected vulnerabilities that pose a threat to Information Security to the ISMS Team and to ensure that they are investigated by the ISMS Team,
• To prepare, maintain and test business continuity plans,
• To identify existing risks by conducting periodic evaluations on Information Security; to review and follow up action plans based on evaluation results,
• To prevent any kind of dispute and conflict of interest that may arise from contracts,
• To meet business requirements for information accessibility and information systems.