Information Security Management System Policy

Zemin Etud ve Tasarim A.S., plays an active role in the field of geotechnical engineering in many large-scale projects at home and abroad, "In the field of geotechnical engineering; in ground and offshore drilling, in situ and laboratory tests, instrumental observation equipment supply and applications, shoring, soil improvement, deep (pile) foundation projects, quality control and consultancy activities". In this activities the main topics of TS EN ISO 27001: 2013 Information Security Management System (ISMS) are the demonstration of information security management provided for human, infrastructure, software, hardware, organization information, information belonging to third parties, customers and financial resources, the securing risk management, the measurement of information security management process performance and the regulation relations with third parties in matters related to information security.

In this direction, the purposes of our ISMS Policy are;

  • To manage information assets, to determine the security, needs and risks of these values, to develop and implement the controls for security risks,
  • To define the framework to be determined by the methods for determining information assets, values, security needs, vulnerabilities, threats to assets, and the frequency of threats,
  • To define the framework to evaluate the privacy, integrity and accessibility effects of threats on assets,
  • To reveal working principles for the processing of risks,
  • To monitor the risks continuously by reviewing the technological expectations in the context of the scope of service,
  • To provide information security requirements arising from their corporate responsibilities towards internal and external stakeholders, national or international regulations, fulfilling legal and relevant legislation requirements, meeting contractual obligations,
  • To reduce the effect of information security threats for service continuity and to contribute to continuity,
  • To have the competence to quickly intervene and minimize the effect of information security cases that may occur,
  • To secure and improve the level of information security over time with a cost effective control infrastructure,
  • To improve the reputation of the institution, to protect it from negative effects based on information security,
  • To continuously improve the Information Security Management System (ISMS),
  • To carry out our standards such as ISO 9001, ISO 14001 and OHSAS 18001 within the scope of ISMS.
+