Information Security Policy
TAV Technologies commits to protect against any threats that may arise in accordance with the relevant law on risk analysis method which examines the information confidentiality, integrity and availability values that it possesses in order to process the processes carried out in the airports of Istanbul, Ankara and İzmir campuses within the boundaries of Turkey correctly and effectively.
- The Information Security Policy has been approved by the General Manager of TAV Technologies.
- TAV Technologies will provide the following benefits with the implementation of this policy;
- Any information in line with the requirements of the business processes shall be accessible by the departments within the scope of service providers, customers and related third parties with minimum lose.
- The integrity of the information shall be protected in all cases.
- The confidentiality of the information produced and/or used shall be guaranteed in all cases.
- Proper access control shall be provided and the information shall be protected against unauthorized access.
- The risks will be reduced to acceptable levels through the design, implementation and continuation of the Information Security Management System.
- Information; will be independently protected from the usages such as electronic communication of information, sharing with third parties, research use, physical or electronic storage.
- The requirements which are determined by Turkish Republic laws, regulations, circulars and contracts will be provided and the Information Security Management System will be made compatible with these.
- The principles of business continuity management shall be established and applied in order to protect critical business processes from the effects of major disasters and operational errors. The durability of the business continuity plan will be ensured and tested.
- Trainings to encourage employees to contribute to the functioning of the system by raising the awareness of information security will be regularly provided to the employees of the institution and to new employees.
- Violations and suspicious cases within the scope of information security will be reported; nonconformities which are causing violations will be determined, precautions will be taken to prevent them from repeating by finding root causes.
- It will be acted in accordance with the “Clean Desk/Clean Screen” principles in working areas.
- The employees of the Institution will be informed on the basis of “need to know basis” in all activities.