Our Information Security Management System ensures that all our activities are carried out by ISO 27001: 2013.
At GIZIL, we understand that information is one of our most valuable assets. Recognizing the critical importance of securing this asset, we have implemented an Information Security Management System (ISMS) that is fully compliant with the ISO 27001:2013 standard. This globally recognized standard specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of the organization.
Our ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process, giving assurance to our stakeholders that information is protected effectively. Through this rigorous system, we ensure the confidentiality, integrity, and availability of our information assets.
Adherence to the ISO 27001:2013 standard underscores our commitment to maintaining the highest levels of information security. It shows our determination to implement the best practices for our information security processes, ensuring we have the correct controls in place to mitigate risks. It's not just about protecting our operational data, but also about safeguarding our customer's information, thus reinforcing their trust in our capabilities.
GIZIL can provide secure access to information assets and maintain information availability, integrity, and confidentiality. To maintain reliability, we evaluate and manage the risks on our assets and stakeholders' information. We fulfilled the legal and relevant legislative requirements to meet the obligations arising from the agreements, ensure the business's continuity and sustainability, and establish a control infrastructure to maintain and improve information security.
GIZIL employees and the specific external parties defined in the Information Security Management System are expected to comply with our policy and the Information Security Management System that applies this policy. All employees receive training regularly. The information security management system is subject to continuous and systematic evaluation and development. GIZIL has established an information security committee managed by senior management and includes the information security manager and other managers to support the Information Security Management's framework and periodically review the security policy.
We collect and store personal information about employees, business partners, customers, and others, such as birth dates, addresses, and financial information. When we collect and process personal data, we must comply with local laws and company privacy policies. Personal data should be collected only for legitimate business purposes, shared only with that allowed access, protected under security policies, and retained for as long as necessary. We also must ensure that third parties with access to personal information are contractually obligated to protect it.
Building upon our commitment to safeguard personal information, GIZIL adheres to a comprehensive data protection framework that reflects the highest global standards. This framework is not only designed to ensure compliance with local laws and our company privacy policies, but it also aligns with our fundamental values of respect, integrity, and transparency.
As part of this framework, we employ rigorous data minimization techniques, collecting and processing only the data that is necessary for our business operations. We also implement strict access control measures, ensuring that personal data is accessed only by authorized personnel who have a legitimate business need for such access. Furthermore, we use advanced encryption and other cutting-edge security technologies to protect the personal data in our custody, mitigating the risk of unauthorized access or data breaches.
At GIZIL, we view data protection not as a regulatory obligation, but as a cornerstone of our business strategy and a mark of our commitment to our stakeholders. As we continue to navigate the digital landscape, we remain steadfast in our commitment to protecting personal data and upholding the highest standards of privacy and security.