Annanowa people, infrastructure, software, hardware, user information, organization information, information belonging to third parties, to demonstrate that information security management is provided, to secure risk management, to measure information security management process performance and to regulate relations with third parties on information security issues, in order to manage all kinds of risks to our assets in the field of information security and to implement the ISO 27001 standard for business continuity as follows. We present this scope to your information as follows.

It attaches importance to ensuring the security of the activities related to the products and services it offers to its customers and stakeholders.
It is aimed to be integrated, compatible and balanced with business processes. Integrated and dynamic business strategy requires the security and continuity of information assets.
It adopts the principle of taking precautions against risks that may threaten the confidentiality, integrity and accessibility of products and services that provide value to its customers and stakeholders.
Information security targets compatible with this policy and the purpose of the organization are determined and compliance is measured at regular intervals and continuous improvement opportunities are evaluated.
Information security is possible by ensuring the confidentiality, integrity and accessibility of information assets.

Information;

The requirement of confidentiality is that it should be accessible only by authorized persons,
The requirement of accessibility means that information assets should be usable by authorized users when needed.
The requirement of integrity means that information assets are complete and accurate, and protected from unauthorized changes,
As the Seccops family, we aim to carry out information security activities for the following purposes without compromising the principles mentioned above:

Works to comply with all legal regulations and agreements related to information security,
Works to systematically manage and implement risks to information assets,
Works to document and continuously improve the information security management system in a way that meets the requirements of the ISO 27001 standard,
Conducting trainings that will develop technical and behavioral competencies in order to increase information security awareness and measuring these trainings.
The scope of the Information Security Management System is determined by the management in line with business strategies by determining information assets, evaluating the information security expectations of relevant parties such as customers, suppliers and business partners, and evaluating legal and contractual obligations, if any.
It carries out the necessary work to ensure compliance with the relevant laws and regulations, including the Personal Data Protection Law. The internal audit, management review, corrective activities and steps to be taken to determine risks and opportunities required for the continuous improvement of the ISMS are provided by the management and the teams to which the management has assigned information security responsibility. All roles and responsibilities related to information security are determined and authorizations are made by the management.
It adopts the principle that the data produced on the developed software will be produced, stored and destroyed in accordance with the Information Security Management System, Personal Data Protection Law and Personal Information Management System principles.
Necessary arrangements are made to prevent interruptions that may occur in critical business processes, and in cases where they cannot be passed, they are made operational again within the targeted recovery period.
Within the scope of the Information Security Management System, the confidentiality, integrity and accessibility of our customers’ information assets are ensured. Critical business processes related to the customer are made continuous.
The Information Security Management System is continuously improved.
Necessary measures are taken to ensure security in internal work areas such as secure work areas, archive rooms, system rooms and around the institution.

By managing our activities in an integrated manner with the other management systems we implement, we act with the responsibility of being an exemplary organization in terms of information security in the cyber security consultancy, R&D and cyber security training sector.