Hercules Biyomedikal Elektrik Elektronik Arge Tic. A. Ş.
INFORMATION SECURITY POLICY
To ensure an acceptable level of information security risk, Hercules Biyomedikal Elektrik Elektronik Arge Tic. A. Ş. is required to design, implement and maintain a coherent set of policies, standards, procedures and guidelines to manage risks to its data and systems. Hercules Biyomedikal Elektrik Elektronik Arge Tic. A. Ş. is fully aware that confidentiality, integrity and accessibility of information in all forms play a critical role in all sustainable growth practices.
This document addresses the policies, standards and guidelines. Data/process owners, in conjunction with asset custodians, are responsible for creating, implementing and updating operational procedures to comply with the requirements outlined in this document.
Hercules Biyomedikal Elektrik Elektronik Arge Tic. A. Ş. management undertakes the establishment, implementation, operation, monitoring, review, maintenance and continuous improvement of the Information Security Management System in accordance with ISO/IEC 27001 Standard in order to ensure the confidentiality, integrity and accessibility of the information it is obliged to protect.
In our company developing Wearable Technology for Injury Prevention and Training Optimization, we are obliged:
- To comply with the terms and legal requirements arising from the contracts,
- To monitor recent information security threats related to our activities and carry them out with a perspective that will not result in any significant vulnerabilities,
- To ensure an acceptable level of information security posture outside of our primary control zones via contracts (i.e. Service Level Agreements) between business partners,
- To carry out our activities in accordance with the well-defined standards required by the sector,
- To ensure that the development and operational activities are conducted in an effective, correct, fast and safe manner,
- To perform our activities with the awareness of the risks on confidentiality, accessibility and integrity in accessing all kinds of corporate and personal information assets belonging to our company, customers, employees, suppliers and business partners,
- To make the information security management system and information security awareness a corporate culture,
- To ensure the preparation, implementation and testing of the necessary plans to ensure an acceptable business continuity and service continuity.
We are:
- Ensuring that risks to our information assets and processes are assessed and processed in accordance with accepted risk management methodologies,
- Committed to all our stakeholders to be in contact with special interest groups in order to benefit from the developing technologies and knowledge in our sector where we offer software development services.
Within Hercules Biyomedikal Elektrik Elektronik Arge Tic. A. Ş., applications and products are subject to security assessments based on the following criteria:
- New or Major Application/Product Release – will be subject to a full assessment prior to approval of the change control documentation and/or release into the live environment.
- Third Party or Acquired Application – will be subject to full assessment after which it will be bound to policy requirements.
- Point Releases – will be subject to an appropriate assessment level based on the risk of the changes in the application functionality and/or architecture.
- Patch Releases – will be subject to an appropriate assessment level based on the risk of the changes to the application functionality and/or architecture.
- Emergency Releases – An emergency release (if any) will be allowed to forgo security assessments and carry the assumed risk until such time that a proper assessment can be carried out. Emergency releases will be designated as such by the Chief Information Officer or an appropriate manager who has been delegated this authority.
CEO
Erhan Ertan