0850 466 76 82
EN
EN TR
 

Our Information Security Policy

Home > Our Information Security Policy

Our Information Security Policy

Rova Bilişim As such, while prioritizing customer satisfaction in all the products and services we offer, ensuring the security of our information assets is one of our top priorities. Information security encompasses not only the protection of our technological infrastructure, but also the integrity and confidentiality of our trade secrets, customer information, employee data, and operational processes.

1. Purpose of the Policy

The purpose of this Information Security Policy is to protect all information assets owned by Rova Bilişim against unauthorized access, disclosure, corruption, loss, and interruption, and to make information security awareness a part of the company culture.

2. Scope

Bu politika, Rova Bilişim bünyesindeki tüm çalışanları, danışmanları, stajyerleri, taşeronları, tedarikçileri ve bilgiye erişimi olan tüm üçüncü tarafları kapsar. Aynı zamanda şirketin kullandığı tüm bilgi sistemleri, elektronik veriler, basılı belgeler, yazılımlar, donanımlar, ağ altyapıları ve bu sistemleri yöneten süreçler de bu politika kapsamında değerlendirilir.

3. Our Information Security Goals

  • Ensuring the confidentiality, integrity, and availability of information,
  • Ensuring business continuity
  • To fulfill legal, regulatory, and contractual obligations,
  • Maintain and enhance customer and stakeholder trust,
  • Establishing and maintaining appropriate controls against internal and external threats,
  • Minimizing the impact of risks such as human error, malicious activity, or natural disasters.
  • Ensuring that all employees are aware of information security.

4. Application Principles

At Rova Bilişim, we adhere to the following principles to ensure information security:

  • Privacy: Information should only be accessible to authorized persons.
  • Integrity: The accuracy and integrity of information must be maintained, and unauthorized changes must be prevented.
  • Accessibility: Information should be accessible in a way that supports the continuity of business processes.

5. Risk Management

Our company regularly assesses risks that threaten information assets. Appropriate security controls are identified and implemented for each information asset. The risk assessment process is continuously updated, and proactive measures are taken against information security threats.

6. Legal and Regulatory Compliance

Rova Bilişim undertakes to fully comply with the Personal Data Protection Law No. 6698 (KVKK), Intellectual and Industrial Property Rights Legislation, Electronic Communications Law, and all other relevant legal regulations and contractual obligations.

7. Employee Responsibilities

  • All employees are required to comply with information security policies, procedures, and instructions.
  • Every employee is responsible for understanding the information security risks within their area of responsibility and taking the necessary precautions.
  • Any possible violations and suspicious situations should be reported to the Information Security Officer immediately.

8. Access Control

Access to information systems and data is restricted according to authorization levels. Each user is only granted access to the data necessary to perform their duties. Access rights are reviewed on a regular basis.

9. Physical and Environmental Security

Company offices, server rooms, and other critical areas are physically protected. Unauthorized access is prevented. Necessary measures are taken against disasters such as fire, flood, and earthquake.

10. Incident Management and Breach Notification

When an information security breach is detected, it is handled in accordance with pre-determined procedures. In the event of a breach, rapid intervention is taken, necessary notifications are made, and post-incident remediation efforts are carried out.

11. Continuous Improvement

Our information security performance is regularly measured through internal audits, risk analyses, employee feedback, and external audits. Our policy is reviewed and continuously improved in line with evolving technology, changing business needs, and new threats.

12. Policy Ownership and Updates

This policy, Rova Bilişim Information Security Committee It is carried out by and reviewed regularly at least once a year. Necessary revisions are made in line with new risks, technological developments, and regulatory changes.