Information Security Policy
Softage Yazılım Anonim Şirketi (Estesoft)
At Softage Yazılım Anonim Şirketi (hereinafter referred to as "Estesoft"), we place information security at the forefront of our corporate priorities. This policy has been prepared to ensure the protection of information assets for our company, customers, and business partners in accordance with the principles of confidentiality, integrity, and accessibility.
1. Scope and Purpose
Our Information Security Management System (ISMS) policy covers all employees, suppliers, business partners, and third parties using Estesoft services. The main objectives of this policy are:
- Identifying information assets and establishing a risk management methodology for these assets
- Implementing control measures in line with confidentiality, integrity, and accessibility principles
- Protecting customer information confidentiality and ensuring compliance with legal requirements
- Allocating necessary hardware, software, training, and audit resources to reduce information security risks
2. Core Principles
Confidentiality
Only authorized persons can access information. All sensitive data, including customer and patient data, is protected by access control mechanisms.
Integrity
The accuracy and completeness of information is ensured. Necessary technical and administrative measures are taken against unauthorized modification, deletion, or corruption attempts.
Accessibility
System continuity and backup mechanisms are operated to ensure authorized users can access information whenever needed.
3. Responsibilities
All Estesoft employees and business partners are obligated to comply with this policy. In cases that could be considered an information security breach, relevant units must be notified immediately.
- Employees and business partners are included in ISMS processes through awareness training, incentives, and participation mechanisms
- The effectiveness of the ISMS is regularly monitored through internal and external audits
- Identified deficiencies are addressed through continuous improvement processes
4. Risk Management
A systematic risk management process is conducted for the identification, assessment, and treatment of information security risks. Risks are periodically reassessed and mitigation measures are updated accordingly.
5. Audit and Continuous Improvement
The suitability, adequacy, and effectiveness of the ISMS is regularly evaluated through internal audits, management reviews, and independent external audits. Findings are used to update the policy and control measures.
6. Contact
For questions regarding our Information Security Policy, please contact us at: [email protected]