SANKO University Hospital information security policy aims:

- To demonstrate that information security management is provided across human, infrastructure, software, hardware, organizational information, third-party information and financial resources; to ensure risk management; to measure the performance of the information security management process; and to regulate relations with third parties on information security-related issues;
- To protect the confidentiality, integrity and accessibility of the organization's information assets against all kinds of threats that may occur, knowingly or unknowingly, from inside or outside the hospital;
- To ensure the continuity of the three basic elements of the Information Security Management System in all activities carried out:
  - Confidentiality: Preventing unauthorized access to important information. Necessary measures are taken to prevent disclosure by unauthorized persons.
  - Integrity: Demonstrating that the accuracy and integrity of the information is provided. Necessary security levels have been established and implemented to protect the content against threats of alteration, deletion or destruction of information by unauthorized persons.
  - Accessibility: Demonstrating the accessibility of information when necessary by those with authority. It is ensured that the information is ready for use and accessible whenever it is needed, even if any problem arises.
- To ensure the security not only of the data kept in electronic environments but of all data in written, printed, oral and similar media;
- To raise awareness by giving Information Security Management trainings to all personnel;
- To report all actual or suspected vulnerabilities in information security to the ISMS Team and to ensure that they are investigated by the ISMS Team;
- To prepare, maintain and test business continuity plans;
- To determine the existing risks by making periodic evaluations on information security and to carry out continuous improvement work by reviewing the action plans resulting from the evaluations;
- To prevent all kinds of disputes and conflicts of interest that may arise from contracts;
- To meet business requirements for information accessibility and information systems;
- To carry out studies to increase information security awareness;
- To meet the information security requirements arising from the national or international regulations to which the hospital is subject, fulfilling the legal and relevant legislation requirements, meeting the obligations arising from the agreements, and meeting corporate responsibilities towards internal and external stakeholders;
- To improve corporate reputation and to protect it from negative effects based on information security.

The necessary infrastructure for backing up all data has been provided, responsibilities have been determined, and data is backed up regularly.

Within the scope of asset management:

- Our assets that contain information are listed, classified, prioritized and evaluated on the basis of scope.
- Necessary responsibilities are determined and assignments are made regarding our assets that have been identified and inventoried.
- Rules regarding the use of assets are determined and implemented.
- Within the scope of the return of assets, rules are determined for the return of data held by employees and companies whose duties have been terminated.
- In the destruction of information technology equipment such as computers, disks and servers, the confidentiality and security of data is ensured first. The data on this hardware is copied before the hardware is destroyed and is then deleted. Necessary information is destroyed after copying and deleting, thus eliminating the risk of other people obtaining the information.