Information Security Management System Quality Policy
PURPOSE
The main theme of TS ISO/IEC 27001:2017 Information Security Management System, in the informatics services of Süleyman Demirel University’s IT Department; people, substructure, software, hardware, student information, organization information, showing that information security method is being provided for information about the third parties and financial resources, to guarantee risk management, to measure the performance of information security management’s continuum and to arrange the relations with third parties about information security.
EXTENT
This policy includes all the informatic assets and users of Süleyman Demirel University.
RESPONSIBILITY
All staff of IT Department is responsible of this.
APPLICATION
- To protect Süleyman Demirel University Computing Department’s information assets against any threat that may ensue from inside or outside and knowingly or unknowingly, to provide accessibility to information appropriate to work time courses, to fulfill legislation requirements, to work towards constant improvement,
- To provide stability of the three main elements of Information Security Management System in every activity.
o Privacy: Preventing unauthorized access to important information
o Integrity: Showing that the integrity and correctness of information is being provided.
o Accessibility: Showing that people that have authority are able to access the information on situations where it is needed
- To attend the security of all the date and not just the data that is stored digitally, but the written, printed, spoken and data on similar settings.
- To give Information Security Management education to all staff and ensuring awareness-raising.
- To report every real or suspicious break in Information Security to BGYS team and ensure the BGYS team inquire it.
- To prepare plans for work stability, assimilate the plans and test them.
- To identify present risks by doing periodic assessments about Information Security. To overview action plans and supervise them with the results of the assessments.
- To prevent any disagreements or conflicts of interests that might arise from contracts.
- To fulfill work requirements for information accessibility and information systems.
- To actualize work towards improving information security awareness.