Information Security and Personal Data Protection Policy

Istanbul Beykent University’s Information Technology Department manages information security processes in compliance with the ISO/IEC 27001:2013 Information Security Management System (ISMS) standard and takes all necessary administrative and technical measures in accordance with the Personal Data Protection Law No. 6698 (PDPL). Our primary goal is to protect the organisation’s information assets, ensure the security of personal data, and minimise operational risks.

ISO 27001: Information Security Management System (ISMS) Practices

The principles of confidentiality, integrity, and availability are taken as the basis for ensuring information security. The technical measures implemented in this context include:

- Risk management and regular assessment of information assets
- Policy and procedure documentation, implementation and monitoring of ISMS processes
- Continuous improvement of systems through regular internal and external audits (ISMS Internal Audit)
- Developing and testing incident management and disaster recovery (DRP) processes

PDPL Compliance Processes and Personal Data Security

Within the scope of the PDPL No. 6698, administrative and technical measures are taken for the processing and protection of personal data:

- Preparation of a personal data inventory and process-based data classification
- Implementation of data masking, anonymisation, and encryption methods
- Effective management of access authorisation and logging processes
- Development of data breach notification mechanisms and crisis management processes
- Implementation of data retention and destruction policies

Technical Measures and Security Solutions

1. Network and System Security

- Intrusion Detection and Prevention Systems (IDS/IPS)
- Advanced Security Firewalls (Next-Generation Firewall) and VPN services
- Isolation of critical systems through network segmentation
- Penetration testing and regular vulnerability scans

2. Data Security

- Data encryption and integrity checking
- Centralised backup and disaster recovery infrastructure
- Data Loss Prevention (DLP) solutions for protecting sensitive data

3. Identity and Access Management

- Multi-Factor Authentication (MFA) and Single Sign-On (SSO)
- Access control matrices and user authorisation controls
- Anomaly detection through logging and monitoring systems

4. Malware and Email Security

- Antivirus and antimalware solutions
- Email security scanning and phishing protection
- Digital signature and email encryption services

5. User Awareness and Training Programmes

- Information security awareness trainings and simulations for social engineering attacks
- Personal data protection awareness sessions
- Secure password policies and data sharing protocols

Aim and Continuity

The aim is to maintain continuity of systems, effective management of risks and full compliance with legal requirements. Audits within the framework of ISO 27001 ISMS, along with compliance efforts with the PDPL, are continuously monitored and updated.