Information Security Policy
Our company's senior management has defined the BGYS policy to provide a framework for the establishment and review of BGY's objectives, which will include the responsibilities of the services provided by our company, the commitment to comply with the regulatory requirements and the continuous improvement of its effectiveness.
Our company's senior management ensures that the BGYS policy is communicated and understood and reviews it in the management's review for continuous compliance.
As the management of DEVA, according to our mission and vision, providing information technology services to our contractual clients is our priority area of work. Our Production and Services are continued within the scope and boundaries of BGYS to help our customers meet the expectations of the institutions / organizations we serve under the contract at a high level, improve their information processing capabilities, be aware of technological developments and their activity / process / performance goals.
Within the scope and limits of BGYS, any confidential / commercial / private information processed in all information technology systems we serve is the privacy of the client of the institution / organization we serve, and this information is not available anywhere / person / institution / organisation without the knowledge / consent of the customer, subject to the Privacy / Integrity / Accessibility terms.
The DEVA BGYS policy takes into account contractual or third-party obligations or dependencies that will comply with legal and regulatory requirements, provided that they remain within the scope and limits of DEVA GGYS.
As DEVA, we provide information to our stakeholders by defining service management requirements and frameworks in parallel with our service management goals, and use resources to fulfil them. Again, we are continuously improving BGYS conditions.
The DEVA declares that, within the above-mentioned framework, it will demonstrate its commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the Information Security Management System (ISMS) by implementing the following aspects:
Risk analysis has been carried out and risk assessments and risk criteria have been established based on the results of the analysis. It identified the importance of meeting information security objectives and compliance with information security policies, their responsibilities to the law and the need for continuous improvement, and ensured their continuity. It has provided adequate resources (financial, human resources, equipment, software, security, consultancy, training, etc.) to establish, implement, operate, monitor, review, maintain and improve BGYS. organize and manage the necessary work to determine criteria for acceptance of risks and acceptable levels of risk at least once a year, reviewing the BGYS Policy and making adjustments where deemed necessary, to notify the parties concerned.