Information Security Policy
You can find the details of Ray Sigorta's information security policy, which operates an Information Security Management System based on ISO 27001, one of the prominent information security standards.
Information Security Policy
Ray Sigorta A.Ş. undertakes to meet the confidentiality, integrity, and accessibility requirements of the services it provides and the customer data subject to these services. Ray Sigorta A.Ş operates an Information Security Management System based on ISO 27001, one of the international information security standards, and the Information Security Policy supports the following purposes to protect the company's information assets:
-
To comply with applicable laws, regulations, and directives,
-
To create and operate controls to protect company information, personal data, and IT systems against information disclosure, misuse, and other types of damage and loss,
-
To ensure that the suppliers that Ray Sigorta A.Ş. and the Company are in cooperation with are obliged to comply with the Information Technologies security requirements specified by the VIG Group and the information security requirements of the VIG Group,
-
To ensure the confidentiality, integrity, and accessibility of information assets of Ray Sigorta A.Ş.,
-
To ensure that directors and employees fulfill their responsibilities regarding Information Technologies security, the information they have, and the Information Technologies devices and systems they use in order to minimize the risk of Information Technologies security incident/violation,
-
To immediately inform the relevant parties and legal authorities in case of an information security incident, and to ensure that the company can continue its services uninterrupted in such cases as well,
-
To identify business continuity and information security risks, reduce risks to acceptable levels, prepare and test business continuity plans, and ensure up-to-dateness and sustainability of the same,
-
To provide a flexible and adequate level of information security understanding for accessing corporate applications and Information Technologies systems outside the Ray Sigorta A.Ş. offices,
-
To transform the information security policy one of the primary responsibilities of all personnel,
-
To review and improve the Information Security Management System (ISMS) with regular internal audits.
Ray Sigorta A.Ş. fulfills the following commitments to achieve these purposes and support the policy:
-
Ray Sigorta A.Ş. undertakes to provide the necessary conditions for the Information Security Management System (ISMS), the boundaries of which are drawn with this policy, to be applicable.
-
It undertakes to regularly review the objectives and targets determined within the scope of ISMS in order for the same to comply with the strategic goals of the company and for continuous improvement of the Information Security Management System.
-
Ray Sigorta A.Ş. undertakes to raise the awareness of employees and stakeholders about the innovations, changes, and developments within the framework of this system by supporting the continuous improvement and development of the Information Security Management System.