Our Information Security Management System ensures that all our activities are carried out by ISO 27001: 2013.
GIZIL can provide secure access to information assets and maintain information availability, integrity, and confidentiality. To maintain reliability, we evaluate and manage the risks on our assets and stakeholders' information. We fulfilled the legal and relevant legislative requirements to meet the obligations arising from the agreements, ensure the business's continuity and sustainability, and establish a control infrastructure to maintain and improve information security.
GIZIL employees and the specific external parties defined in the Information Security Management System are expected to comply with our policy and the Information Security Management System that applies this policy. All employees receive training regularly. The information security management system is subject to continuous and systematic evaluation and development. GIZIL has established an information security committee managed by senior management and includes the information security manager and other managers to support the Information Security Management's framework and periodically review the security policy.
We collect and store personal information about employees, business partners, customers, and others, such as birth dates, addresses, and financial information. When we collect and process personal data, we must comply with local laws and company privacy policies. Personal data should be collected only for legitimate business purposes, shared only with that allowed access, protected under security policies, and retained for as long as necessary. We also must ensure that third parties with access to personal information are contractually obligated to protect it.