Turkish Airlines Technology Inc. is a technology organization that has been passionately fulfilling the technology needs of Turkish Airlines and its subsidiaries for years, and now, with this experience, aims to offer innovative, agile, value-oriented and international products and services in local and global markets focused on the aviation and air cargo sector.
Turkish Airlines Technology Inc. hereby declares its Information Security Policy in order to ensure the security, and when necessary, to destroy or anonymize all kinds of information assets (electronic records, video recordings, pictures, printed documents, verbal information, etc.) which belong to it or which it is liable to protect in accordance with the national and international laws, regulations, contracts, standards and ethics.
This policy covers all Turkish Airlines Technology Inc. units that use the information systems of Turkish Airlines Technology Inc., and the consultants, contracted employees, subcontractors, interns, and the service, software or hardware providers that provide technical support, which have access to the information systems of Turkish Airlines Technology Inc. as a third party.
It is obligatory for the parties within the scope to comply with the regulations and requirements specified in the documents, including the sanctions, created by Turkish Airlines Technology Inc. to manage its relations with its employees and stakeholders.
According to the Information Security Policy of Turkish Airlines Technology Inc.;
- Principles of confidentiality, integrity and accessibility are the basic principle for information security in the processing, transmission and storage of information.
- Employees and stakeholders of Turkish Airlines Technology Inc. protect all information assets and access information allocated to them in accordance with the written regulations and commitments, and act within the framework of Turkish Airlines Technology Inc. policies when they need to be shared.
- On-site or remote access is not provided for any facilities, resources and information that have not been directly granted. Access authorizations are checked, tested when necessary or periodically, and rearranged if necessary.
- All information systems belonging to Turkish Airlines Technology Inc. are securely monitored, recorded and tested by Turkish Airlines Technology Inc. when necessary, in accordance with legal regulations.
- Appropriate cryptographic methods are used when transmitting and storing all critical information that is legally obligatory to be protected or that is risky for Turkish Airlines Technology Inc.
- Turkish Airlines Technology Inc. has created its Information Security Management System (ISMS) with a systematic risk approach methodology. It classifies all kinds of information assets with the methodologies it has determined, subjects them to risk analysis and applies controls to reduce the risks to the determined acceptable level.
- The management of all access authorizations and any transactions to be performed on these information assets are carried out by considering the asset's class value and risk value.
- All information security breaches (actual or suspected) are reported to Turkish Airlines Technology Inc. Cyber Defense Center (CDC). All the reported incidents are intervened by Turkish Airlines Technology Inc. Cyber Defense Center (CDC).
- All Turkish Airlines Technology Inc. employees act with the principle of “knowing on a need-to-know basis” and make a written commitment to abide by the confidentiality rules.
- Turkish Airlines Technology Inc. ensures the security of information and access in its relations with third parties through written contracts and the commitments received from third parties.
- The Information Security Policy and Information Security Management System (ISMS) of Turkish Airlines Technology Inc. are periodically reviewed at the Compliance Review Board meetings and revised within the framework of the principle of continuous improvement.