| INFORMATION SECURITY POLICY | |
|---|---|
| DOCUMENT CODE: | PR.BIM.016 |
| PUBLISH DATE: | 16.07.2020 |
| REVISION DATE: | 16.07.2020 |
| REVISION NO: | 00 |
| DOCUMENT CLASS: | CORPORATE – 1 – |
1. GENERAL OVERVIEW
Information security is the set of measures and precautions taken to protect vital information in accordance with the principles of confidentiality, integrity, and availability: keeping it protected, maintaining its integrity, and keeping it accessible and reachable.
- Confidentiality: Protecting information from unauthorized access and preventing it from falling into the hands of unauthorized individuals.
- Integrity: Ensuring that information is not altered by unauthorized individuals.
- Availability: Ensuring that information is accessible and usable by authorized individuals when needed.
2. SCOPE
This policy applies to all employees, interns, and outsourced workers of Hisar Hospital. All users must act in awareness of their responsibilities and legal obligations contained in this policy.
3. OBJECTIVE
The objective of this policy is to protect the institution’s reliability and the image of the authority it represents, ensure compliance in contracts made with third parties, and maintain the continuity of the institution’s core and supporting business activities with minimal disruption.
4. RESPONSIBILITY
The Information Security Management Board is responsible for keeping the risks to the company’s information assets at an acceptable level approved by senior management.
5. INFORMATION SECURITY PRINCIPLES
- Complying with the principle of protecting confidential information and adhering to other policies and documents,
- Ensuring the confidentiality, integrity, and availability of company information in personal and electronic communications,
- Not sharing internal information resources (documents, announcements, etc.) with unauthorized third parties,
- Protecting the confidentiality, integrity, and availability of information belonging to Hisar Hospital’s customers, business partners, suppliers, or third parties,
- Not using the company’s information systems and infrastructures for activities contrary to regulations,
- Reporting information security incidents and taking measures to prevent these violations,
- To ensure the applicability of the Information Security policy, the established rules and measures should be reviewed periodically and continuously improved, and action plans should be prepared,
- Identifying and evaluating information security risks and preparing risk treatment plans for them.
6. VIOLATIONS OF RULES AND SANCTIONS
In the event of a violation of this policy, the reason for the violation will be investigated by the Hisar Hospital Information Security team with the necessary personnel support. If the violation is unintentional and arises from a lack of training or similar deficiencies, efforts will be made to address the underlying issue. In case of non-compliance with the Information Security policy, procedures, and instructions, the institution may implement actions such as warnings, reprimands, fines, and contract termination.
- Ensuring that the information security management system is audited regularly and continuously improved.
General Information Security Approach:
As Hisar Health Services Inc., we aim to manage all risks related to our information security, business continuity, and information assets.
- Considering our corporate data and information (personnel personal information, customer and supplier data, and others) as valuable and critical, we commit to fulfilling the obligations required by laws and standards related to information security,
- Ensuring the uninterrupted continuation of information technology services used in our corporate activities and providing the necessary infrastructure to ensure that information is accessible only by authorized individuals,
- Establishing, documenting, and continuously improving the Information Security Management System required by the TS ISO/IEC 27001:2022 standard,
- Following legal regulations and conditions related to information security,
- Conducting necessary trainings to raise awareness of information security,
- Ensuring that external service providers meet the needs and requirements of the information security system,
- Defining the information security requirements of third parties, customers, and suppliers, and ensuring their compliance with the information security management system,
- We commit to determining our company’s information security standards and regularly auditing and ensuring compliance.
| Prepared by | Controlled by | Approved by |
|---|---|---|
| INFORMATION PROCESSING MANAGER | QUALITY DIRECTOR | RESPONSIBLE MANAGER |