Information Security Policy

In our institution, access controls in accordance with the principle of knowing as much as necessary within the framework of legal compliance are applied and security measures are taken in accordance with the developing technology. Considering information security threats, information security risk management is carried out, which provides an appropriate balance between risks and measures in terms of corporate business processes. Our information security objectives within the framework of our foundation purposes;

Ensuring information security and business standardization in the management of information systems,
To maximize the confidentiality, integrity and accessibility of the data processed in the institution,
Ensuring compliance with legal regulations, ISO / IEC 27001 Standard and contracts made with third parties and improving them continuously,
Increasing information security awareness of staff, stakeholders and third parties.
To protect corporate critical business activities from the effects of major disasters and operational errors and to ensure that they continue with minimum interruption,
To identify information security risks that may adversely affect our institution, to manage them effectively, to reduce them to acceptable levels, to work with a continuous improvement approach to protect information,
To protect corporate information from possible threats and dangers and to ensure that it is affected at the lowest level.

It is committed by our institution that the above-specified information security objectives will be realized, the relevant conditions determined.

Purpose

The purpose of the Information Security Policy is to ensure and protect the security, integrity and availability of all information used by BitcoinEscrowLtd. Below you can find the definition of these terms.

CONFIDENTIALITY

Confidentiality means that the information is accessible only to the individuals or parties permitted legally or with the consent of the concerned party. Confidentiality is violated in the case that the information is readable and/ or writable, editable, or accessible to those other than targeted.

INTEGRITY

Integrity means that the information is available to the targeted individuals or parties in consistency with its original form, without any distortion or change. A partial distortion or change on the information would mean an integrity violation.

AVAILABILITY

Availability means the information is accessible when needed. The difference with confidentiality is that availability focuses on the accessibility of the information, whereas confidentiality concerns who has access to it.

Scope

“Information Security Policy” covers all operations and activities aiming at ensuring information security including practices, policies, procedures, standards as well as the Information Security Management System. The policy also covers all units using the BitcoinEscrowLtd IT infrastructure, third parties accessing the information systems; and service, software or hardware providers providing technical service for the information systems.

Sanctions / Penalties

In case of violation of the Information Security Policy, sanctions may be imposed in line with the Disciplinary Procedures, or legal proceedings can be initiated within the framework of the enforced legislation on information technologies laws (software security, system security, privacy and property rights etc.).

Responsible Parties

All personnel, guest users and service providers accessing the corporate data using BitcoinEscrowLtd Information systems acknowledge and undersign the responsibilities on the confidentiality agreement.

Update

Information Security Policy is revised at least once a year or when deemed necessary; and is reissued with the approval of the Board of Directors. Additionally, when required, the items that need revision are evaluated and updated even before the revision date.

Annexes

BitcoinEscrowLtd Information Security Policy stipulates the effective running of the rules and steps within the processes, policies, standards and other documents given below.

  • User Access and Authorization Process
  • Asset Based Risk Evaluation Process
  • Information Security Event Management Process
  • Patch Management Process
  • IT Software Development and Maintenance Process
  • IT Data Architecture Management Process
  • Process and Organizational Management Process
  • Audit Trails Standard
  • Malware and Unlicensed Software Protection Standard
  • Software Security Standard
  • Network Security Standard
  • E-mail Security Standard
  • Internet Use Standard
  • Physical and Environmental Security Standard
  • BitcoinEscrowLtd New Server and Client Configuration Security Standard
  • New Server and Client Configuration Security Standard
  • Document Security Standard
  • Database Security Standard
  • Mainframe Security Standard
  • Data Back-up Security Standard
  • User Computers, Portable Devices, Telephone Systems and Fax Use Standard
  • Personal Devices Use Standard
  • Clean Desk Standard
  • Cryptographic Key Management Procedure
  • Social Media Guide
  • Business Continuity Framework
  • Data Classification Guide
  • Information Security Awareness Index Criteria