Purpose

The aim is to establish an information security policy and define basic information security principles in compliance with the strategic direction of Ucuzabilet.

Scope

The Information Security Policy covers the organization and information defined in the Scope and Limitations document.

Responsibilities

Top Management

Top management is responsible for ensuring that the Information Security Policy meets the corporate needs, providing the necessary support and supervision for its implementation, and reviewing the policy at least once a year or whenever the corporate policy changes. This duty is carried out by the ISMS (Information Security Management System) Representative on behalf of top management and approved by the General Manager.

ISMS Representative

The ISMS Representative is the authority or person responsible for every stage of the Information Security Management System, from establishment to operation and management, and reports to the top management.

ISMS Team

The ISMS Team, appointed by the Top Management of UB, is responsible for ensuring that the Information Security Policy meets the corporate needs, providing the necessary support and supervision for its implementation, and reviewing the policy at least once a year or whenever the corporate policy changes.

All Personnel

All personnel are responsible for fulfilling the requirements of the Information Security Policy that apply to their duties.

Definitions

ISMS: Information Security Management System

ISMS Team: The body that represents the management and takes responsibility for supervising the ISMS and ensuring that it operates successfully.

ISMS Internal Auditor: The person with the experience, training and certificate to inspect the ISMS, independent of the implementation and operation of the ISMS. He/she is responsible for the internal audit of the ISMS. Internal auditors may be from within the company or may be outsourced.

Management Support

Top management actively supports the ISMS through the activities it carries out under the ISMS Coordination team, the assignment of the ISMS Representative and ISMS Internal Auditor personnel, the ISMS investment, expense and training budgets, and management review activities.

Top management leads the achievement of ISMS objectives by complying with, and promoting compliance with, ISMS policies and procedures.

Top management demonstrates the importance of information security risk management for the reputation of the institution and the continuity of its activities through its managerial activities and corporate policies.

Top management evaluates the risks at least once a year and ensures the continuity and sustainability of the system by reviewing the Information Security Policy.

Information Security Policy

To identify risk acceptance criteria and risks, and to develop and implement controls.

To ensure that the information security risk assessment process is implemented in order to identify the risks related to the loss of confidentiality, integrity and availability of the information within the scope of the information security management system, and to identify the risk owners.

To define a framework for evaluating the confidentiality, integrity and availability of information within the scope of the information security management system.

To monitor the risks continuously by reviewing the technological expectations within the scope of service.

To meet the information security requirements arising from the relevant national or sectoral regulations, to fulfil the legal and related legislative requirements, and to meet the obligations arising from agreements and the corporate responsibilities towards internal and external stakeholders.

To reduce the impact of information security threats on service continuity and to contribute to continuity.

To have the competence to respond quickly to information security incidents that may occur and to minimize the impact of the incident.

To maintain and improve the level of information security over time with a cost-effective control infrastructure.

To improve the corporate reputation and to protect it against negative effects arising from information security.

To increase corporate awareness of information that has different sensitivity levels in terms of confidentiality, to determine and implement the logical, physical and administrative controls recommended for information with different sensitivity levels, and to define the rules for the storage and destruction of data on portable media within the scope of information security of Ucuzabilet.

Ucuzabilet’s Top Management undertakes to implement, review and continuously improve the practices related to Information Security.
