Policy — ISO-05
Information Security Policy
As a Contract Research Organization (CRO), we accept protecting the confidentiality, integrity, and accessibility of information as our highest priority commitment in all our activities.
- Protecting Information Assets: Safeguarding all sensitive data belonging to sponsors, customers, and clinical research volunteers, plus corporate information assets against unauthorized access, misuse, and cyber threats.
- Legal and Sectoral Compliance: Meeting information security obligations arising from the Personal Data Protection Law (KVKK), ISO/IEC 27001 standard, ICH-GCP guidelines, and other national/international legal regulations and contracts.
- Risk Management: Periodically assessing information security risks and implementing necessary technological and administrative controls to reduce them to acceptable levels.
- Awareness and Competence: Based on "Security starts with people," organizing training to increase employee and stakeholder awareness on information security while developing security culture.
- Business Continuity: Maintaining and testing business continuity plans to prevent service disruption during information security breaches or disaster scenarios.
- Continuous Improvement: Regularly measuring Information Security Management System (ISMS) performance, following technological developments, and continuously improving and keeping the system dynamic.