Our Policy

The purpose of this policy is to define the security objectives and ISMS commitment for Diş Tedavim. By auditing compliance with security standards and continuously reviewing and improving them, it ensures that the required level of security is achieved and maintained. It also defines corporate information security methods.

Since this policy covers all IT systems and related information assets in our company, all personnel are responsible. Every Diş Tedavim employee is responsible for protecting electronic information within their authority. Resources to be protected include, but are not limited to, the company network, computers, software, portable media, and data. These resources must be protected against physical and logical threats, unauthorized access, sabotage, and malicious or careless use.

• Creating, documenting, and continuously improving documentation in accordance with ISO 27001 standards,
• Achieving company and department goals with a team spirit, based on the Total Quality philosophy and adopting customer satisfaction,
• Ensuring secure access to information assets for itself and its stakeholders,
• Protecting the availability, integrity, and confidentiality of information,
• Evaluating and managing risks that may arise on its and stakeholders' information assets,
• Establishing the necessary infrastructure and working environment by considering risks to information assets,
• Periodically reviewing the information security policy and statement of applicability to maintain compliance with conditions,
• Protecting the institution's reliability and brand image,
• Applying necessary sanctions in case of information security violations,
• Meeting the requirements of national, international, or sectoral regulations, relevant laws and standards, contractual obligations, and institutional responsibilities toward internal and external stakeholders,
• Reducing the impact of information security threats on business/service continuity and ensuring sustainability,
• Maintaining and improving the level of information security through the established control infrastructure,
• Managing risks to information assets systematically, and conducting training to develop technical and behavioral competencies to raise information security awareness,
• Encouraging innovative and creative approaches, managing activities to provide training that increases technical and behavioral competencies, and striving to be a leading organization in the sector in terms of quality,

IS COMMITTED.

In the event of a violation of the Corporate Information Security Policies, necessary actions will be taken in accordance with the laws and relevant articles specified in the Disciplinary Regulation, with the approval of the Information Security Board and the relevant manager.