ISO/IEC 27001:2022

Information Security, Cybersecurity and Privacy Protection Management System Policy

3C1B Telecommunications Inc. top management declares its commitment to safeguarding information assets, managing risk and continuous improvement through this policy.

Document No BGEK-02
Issue Date 07.10.2025
Revision No / Date 00/-
Page Count 2
Standard ISO/IEC 27001:2022
Download PDF · Turkish

Scope and Purpose

The core purpose of our Information Security, Cybersecurity and Privacy Protection Management System is to demonstrate that information security management is in place across personnel, infrastructure, software, hardware, organizational information, third-party information and financial resources within the scope of Personal Data and Information Security Activities; to safeguard risk management; to measure the performance of information security management processes; and to govern relationships with third parties on matters concerning information security.

To this end, under our ISMS Policy we commit to;

  1. 01

    Protecting information assets against any threat — internal or external, intentional or unintentional; ensuring access to information through business processes as required; meeting legal and regulatory requirements; and conducting continuous improvement activities.

  2. 02

    Managing personal data and information assets; identifying the security values, needs and risks of those assets; and developing and implementing controls to address security risks.

  3. 03

    Sustaining, throughout all activities, the three core elements of the Information Security, Cybersecurity and Privacy Protection Management System.

    Confidentiality:
    Preventing unauthorized access to information and information assets,
    Integrity:
    Demonstrating that the accuracy and completeness of information are maintained,
    Availability:
    Demonstrating that authorized parties can access information when required.
  4. 04

    Defining the framework that will determine the methods for identifying personal data, information assets, their values, security needs, vulnerabilities, threats to assets and the frequency of those threats.

  5. 05

    Providing the financial resources and personnel required to treat risks.

  6. 06

    Continuously monitoring risks by reviewing technological expectations within the scope of services provided.

  7. 07

    Complying with national and international regulations, laws and applicable legislation; meeting contractual obligations; and satisfying information security requirements arising from corporate responsibilities toward internal and external stakeholders.

  8. 08

    Reducing the impact of information security threats on service continuity and contributing to that continuity.

  9. 09

    Preparing, maintaining and testing business continuity plans.

  10. 10

    Pursuing environmentally responsible and socially conscious activities that advance environmental sustainability and address climate change

  11. 11

    Ensuring continuous improvement.

As 3C1B Telecom Inc., we commit to complying with the requirements set out under the ISMS and to continuously improving the effectiveness of the system.

Prepared by Approved by
ISMS Coordinator General Manager