Sabancı Dijital regards corporate information as a highly valued asset. The loss and impairment of information and the supporting business systems in which this information is hosted, the disclosure of this information to 3rd parties to harm Sabancı Dijital or theft of this information may have a serious impact on the integrity and reputation of the business activities of the company. Therefore, all Sabancı Dijital employees must be aware of the principles of Information Security.
Information security ensures that the following features of information assets are protected;
- Confidentiality: The information is accessible only to authorized persons,
- Integrity: The information is protected from unauthorized alterations and any changes are recognized,
- Availability / Accessibility: The information is available at any time to authorized users.
Sabancı Dijital has implemented ISO 20000 and ISO 27001 Information Security Management System and has adopted the following objectives;
- Protecting the credibility and the represented image of the company,
- Ensuring that the basic and supportive business activities of the company continue with minimum disruption,
- Ensuring compliance with laws, legislation and the contracts with third parties,
- Continuously improving the Information Security Management System to adequately address the risks.
Sabancı Dijital's policies and procedures apply to all full-time/part-time, temporary/permanent contracted Sabancı Dijital personnel, interns and third-party service providers who use Sabancı Dijital information and/or Sabancı Dijital information systems infrastructures, regardless of their geographic location or division.
Those who use Sabancı Dijital information and/or Sabancı Dijital information systems infrastructure;
- Learning and complying with the principles of the protection of confidential information specified in the Business Ethics Rules and other policies and documents along with the Information Security Policy,
- Ensuring the confidentiality, integrity, and accessibility of the information of the company in personal and electronic communication,
- Taking security measures determined according to risk levels,
- Reporting information security violation incidents and taking measures to prevent such violations,
- Not transmitting internal information sources (announcements, documents, etc.) to unauthorized 3rd parties,
- Not using the company information systems infrastructures for activities contrary to the legislation,
- Sabancı Dijital is obliged to protect the confidentiality, integrity, and accessibility of the information belonging to its customers, business partners, suppliers or other third parties.