BİLGEM Quality Policy
In line with its vision, mission, and core values, the BİLGEM Quality Policy is as follows:
- To ensure Turkey's information security and technological independence in the field of information technology,
- To secure research and development (R&D) activities under the leadership of top management, based on acquired knowledge and experience, with the aim of continuously enhancing competitiveness and delivering unique and high-value products and services,
- To effectively communicate with our military, public, and private sector strategic partners and manage their feedback in order to meet their needs for technology, products, and services at the highest level of stakeholder satisfaction,
- To ensure the applicability of the BİLGEM Quality Management System in an effective, efficient, and sustainable manner,
- To continuously improve our processes through corrective and preventive actions by monitoring the performance, risks, and opportunities of our processes with the participation of our stakeholders, appropriate technological infrastructure, and an effective measurement system,
- To create awareness of the Quality Management System,
- To monitor the competencies of BİLGEM human resources in order to provide solutions that add value and guide stakeholders,
- To support the continuous improvement of the system and ensure resource adequacy by involving stakeholders in the Quality Management System.
BİLGEM Corporate Risk Management Policy
BİLGEM believes in the importance of risk management in order to create value with the technology, products and services it offers to its stakeholders, to increase stakeholder satisfaction, to achieve effective results by using its resources in the most efficient way and to ensure their sustainability. As an indicator of this, it considers Risk Management in all its managerial and operational activities.
In order to carry out its activities in a sustainable manner in line with its mission and to achieve its goals and objectives set out in its strategic plan, it identifies, grades, takes necessary measures, monitors and regularly reports corporate risks with an appropriate technology infrastructure and an effective systematic. It also continuously improves its risk management approach through reviews. It uses risk management models accepted in national and international practices for the integrated management of risks.
It is committed to ensuring that the necessary resources are available to fulfill the obligations and execute the actions related to risk management. It groups the risks it monitors under the following main categories: strategic risks, legal risks, financial risks, environmental risks, process risks, project risks, occupational health and safety risks and information security risks.
ISMS Risk Management Policy
ISMS Risk Management Policy
BİLGEM conducts research on informatics, information security and advanced electronic technologies, which are needed by the civil and military sectors, in order to contribute to Turkey's defense power. In this framework, BİLGEM reveals and solves problems and ensures the implementation of these solutions. BİLGEM is a research, development and application center that acts as a bridge between universities, public and private sectors, developing collaborations and contributing to the technological experience of these stakeholders.
It believes in the importance of risk management and considers risk management in all management activities in order to create value with the technology, products and services it offers to its stakeholders, to increase stakeholder satisfaction, to use its resources effectively and efficiently, to ensure the sustainability of these and the confidentiality, integrity and accessibility of the information it processes, including personal data.
In order to fulfill the objectives and targets set within the scope of the Institutional Integrated Management System, it determines, monitors, processes, reports the results regularly, and reviews this policy periodically with the appropriate technology infrastructure and an effective measurement systematic.
It commits to the allocation of necessary resources to assist with the obligations and responsibilities associated with risk management.
BİLGEM Information Security Policy
BİLGEM Information Security Policy In order to contribute to Turkey's defense power, BİLGEM conducts research in the fields of informatics, information security and advanced electronic technologies required by the civilian and military sectors. Within this framework, BİLGEM identifies and solves problems and ensures the implementation of these solutions. BİLGEM is a research, development and application center that acts as a bridge between universities, public and private sectors, developing collaborations and contributing to the technological know-how of these stakeholders. Accordingly, within the framework of TS ISO/IEC 27001 Information Security Management System (ISMS) standard, BİLGEM undertakes the following issues in order to ensure the confidentiality, integrity and accessibility of information:
- Plans, implements and controls the ISMS by determining information security objectives and activities and ensures continuous improvement of the system.
- Defines how the activities carried out meet the legislation, contract, standard and business requirements.
- Defines how it meets the requirements of the Personal Data Protection Law (PDPL).
- Carries out ISMS activities in an integrated manner with other management systems established within the organization.
- Determines the duties, roles and responsibilities and necessary resources within the scope of ISMS.
- Inventories information assets by determining confidentiality, integrity and accessibility criteria.
- Identifies and assesses existing and potential risks and activates appropriate risk handling options to manage information security.
- Makes business continuity plans, implements these plans and ensures continuous improvement of the process.
- Develops solutions by following current technologies and innovations in information security.
- Takes the necessary measures to ensure that all stakeholders comply with the issues determined in relation to information security.
- Ensures that this policy is publicized, accessible, aware and implemented.
- In case of violation of this policy, it initiates and follows the relevant processes.