Information Security Policy

PICUS, business processes, products, services and corporate identity with information security principles and policies are in full harmony; It is a leading company in its sector, which has established and effectively operates these assurances against its stakeholders, partners, customers and employees.

The Information Security Management System (ISMS) has been established in PICUS to maintain the confidentiality, integrity and availability of information by applying asset and risk management processes and providing assurance to the relevant parties that the risks are managed correctly.

ISMS is a part of PICUS's corporate processes and general management structure. Information security processes were taken into account in the design of information systems and controls and scaled in line with the needs of PICUS.

PICUS has targeted the ISO/IEC 27001:2013 in accordance with the scope of ISMS it is applying and can use this standard to demonstrate to internal and external stakeholders the ability of PICUS to meet their information security requirements.

Information Security Policy expresses requirements, definitions, rules, practices, responsibilities and workflows based on business needs and regulated according to relevant laws and standards, in line with and supporting PICUS's corporate business objectives. The information security policy created for this purpose will provide the following basic requirements:

• Supporting business strategy and corporate goals
• To comply with laws, standards and contracts.
• Documenting the ISMS in a way that fulfills the requirements of the ISO/IEC 27001:2013 standard, making it a corporate culture and continuously improving it
• Managing existing and anticipated information security processes, risks and threat environment
• To implement effective risk management to keep the confidentiality, integrity and availability values of all assets and processes within the scope of ISMS belonging to PICUS, especially information assets and business processes, above an acceptable level
• To create information security awareness of PICUS employees, partners and stakeholders with ISMS and inform everyone about Information Security Policy and ISMS practices.
• To ensure information security in PICUS business processes, to increase the quality of its products and services and the efficiency of the processes, thanks to ISMS; provide the necessary assurance to its employees, stakeholders and partners

This policy aims to guide all activities related to information security in PICUS and to reveal information security processes and controls with the support of sub-documents.
Published: 09.11.2021 - v3

The Business Continuity policy has been established in order to operate, manage, measure, and continuously improve the business continuity management system within PICUS, in line with and support the corporate business objectives of PICUS. It refers to definitions, rules, practices, responsibilities, and workflows based on business needs and regulated by relevant laws and standards. This policy is in an active relationship with ISMS and IT SMS and aims to progress through common values ​​in necessary process management.

This policy will guide all activities of PICUS related to business continuity and will provide the following basic requirements:

a) Supporting business strategy and corporate objectives
b) Complying with laws, standards, and contracts
c) Managing existing and anticipated business continuity processes, risks, and threat environment
d) To ensure the continuity of all assets and processes within the scope of PICUS' BCMS, especially information assets and processes.

While PICUS meets business continuity requirements, it has planned, implemented, and regularly controlled the processes necessary to carry out activities that address risks and opportunities. It implements determined plans and exercises to achieve these goals. It retains written information to the point where it is certain that these processes are carried out as planned, reviews the results of undesired changes by controlling the testing and exercises processes, as well as planned changes, and can take new actions if necessary to mitigate negative effects.

The business continuity policy is reviewed at regular intervals or when significant changes occur by Senior Management in order to measure the operability of the system and is updated as needed to ensure continuous suitability, accuracy, and effectiveness.

This policy is intended to be accessible and understandable to all employees and the target audience, including relevant external parties. All employees and external parties defined in the BCMS are obliged to comply with this policy and the processes supporting this policy.
Published: 06.07.2022 - v2

PICUS, business processes, and customer services are in full compliance with the IT Service Management principle and policy; It is a leading company in its sector, operating effectively against its Stakeholders, Customers, and Employees.

The Service Management Policy has been established to operate, manage, measure, and continuously improve the information technology service management system within PICUS and has been approved by the highest level of management. With this policy, PICUS will provide the following basic requirements to manage its service management purposes and achieve the determined business objectives:

a) Supporting business strategy and corporate goals

b) To comply with laws, standards, and contracts

c) To manage the objectives, processes, and risks of current and anticipated service management,

d) Keeping information technology services operational, managing changes, and using information technology services according to business needs

d) To ensure the success, performance, and quality of all services and processes within the scope of PICUS's IT SMS, in line with the targets

e) Ensuring that all services determined by service catalogs within the scope of IT SMS are provided in accordance with the Service Level Agreements (SLA), their performance is measured and reported; To increase customer satisfaction by providing continuous improvement in line with technological changes and business requirements

f) To manage accessibility and capacity by making the necessary monitoring and to reduce costs by making the right financial and resource management.

The service management policy is reviewed at regular intervals or when significant changes occur in order to measure the operability of the system and services, in order to ensure continuous suitability, accuracy, and effectiveness, and is approved by the Senior Management.
Published: 06.07.2022 - v2