Information Security Policy


SabancıDx considers corporate information as a very valuable asset. Loss, disruption, disclosure to third parties or theft of information and the supportive business systems hosting the information in a way that may harm Sabancı Dijital Teknoloji Hizmetleri A.Ş. may have a significant impact on the integrity and reputation of corporate operations. Therefore, all SabancıDx employees are required to be familiar with the Information Security principles.

Information security ensures the protection of the following qualities of information assets:

  • Confidentiality: Ensuring the information to be accessible only by the authorized individuals,
  • Integrity: Protecting the information against unauthorized modification and realizing such modifications,
  • Availability / Access Enabling the information to be available by the authorized users upon need.

SabancıDx applies ISO 27001 Information Security Management System, embracing the following goals:

  • Protecting the reliability and represented image of the company,
  • Ensuring continuity of main and supportive business operations of the company with minimum interruption,
  • Ensuring compliance with the laws, legislations and the contracts signed with the third parties,
  • Improving and maintaining the Information Security Management System constantly to manage risks effectively.

The policies and procedures of SabancıDx apply to all part time/full time SabancıDx employees, all SabancıDx employees with fixed term/permanent contracts, interns and third party service providers using SabancıDx information and/or SabancıDx information systems infrastructure, regardless of their geographical locations or divisions.

Users of SabancıDx information and/or SabancıDx information systems infrastructure are obliged to

  • Learn and abide by the Information Security Policy, the principles on the protection of confidential information stated in Business Conduct, and other respective policies and documents,
  • Ensure the confidentiality, integrity and access of corporate information in personal and electronic communications,
  • Take the precautions defined based on risk levels,
  • Report information security violations and take precautions to prevent such violations,
  • Abstain from conveying internal information sources (announcements, documents etc.) to unauthorized 3rd parties,
  • Abstain from using corporate information systems infrastructure for purposes against the legislation,
  • Protect the confidentiality, integrity, availability and access of information belonging to SabancıDx customers, business partners, suppliers or other third parties.