Information Security Policy

PICUS, business processes, products, services and corporate identity with information security principles and policies are in full harmony; It is a leading company in its sector, which has established and effectively operates these assurances against its stakeholders, partners, customers and employees.

The Information Security Management System (ISMS) has been established in PICUS to maintain the confidentiality, integrity and availability of information by applying asset and risk management processes and providing assurance to the relevant parties that the risks are managed correctly.

ISMS is a part of PICUS's corporate processes and general management structure. Information security processes were taken into account in the design of information systems and controls and scaled in line with the needs of PICUS.

PICUS has targeted the ISO/IEC 27001:2013 in accordance with the scope of ISMS it is applying and can use this standard to demonstrate to internal and external stakeholders the ability of PICUS to meet their information security requirements.

Information Security Policy expresses requirements, definitions, rules, practices, responsibilities and workflows based on business needs and regulated according to relevant laws and standards, in line with and supporting PICUS's corporate business objectives. The information security policy created for this purpose will provide the following basic requirements:

• Supporting business strategy and corporate goals
• To comply with laws, standards and contracts.
• Documenting the ISMS in a way that fulfills the requirements of the ISO/IEC 27001:2013 standard, making it a corporate culture and continuously improving it
• Managing existing and anticipated information security processes, risks and threat environment
• To implement effective risk management to keep the confidentiality, integrity and availability values of all assets and processes within the scope of ISMS belonging to PICUS, especially information assets and business processes, above an acceptable level
• To create information security awareness of PICUS employees, partners and stakeholders with ISMS and inform everyone about Information Security Policy and ISMS practices.
• To ensure information security in PICUS business processes, to increase the quality of its products and services and the efficiency of the processes, thanks to ISMS; provide the necessary assurance to its employees, stakeholders and partners

This policy aims to guide all activities related to information security in PICUS and to reveal information security processes and controls with the support of sub-documents.