CODEBEFORE INFORMATION SECURITY MAIN POLICY

As a company operating in the IT sector, in order to identify and manage all kinds of risks to our business continuity and information assets;
Documentation, certification and continuous improvement of our information security management system to meet the requirements of the ISO 26001:2013 standard,
Complying with all legal regulations and contracts related to information security,
Systematic management of risks to information assets,
Carrying out trainings to develop technical and behavioral competencies in order to increase information security awareness
Ensuring the uninterrupted continuation of our basic and supporting business activities,
Ensuring that the information is accessible only to authorized persons and that the duties are segregated,
Increasing training activities, providing all our employees with the necessary training opportunities related to ISMS and supporting the necessary human resources for the subject
We work with all our strength to become an exemplary organization with our level of information security in our sector by effectively managing our activities to improve corporate reputation and protect it from negative effects based on information security.

OUR ISMS SUPPORT POLICIES

1. PASSWORD USE POLICY
1.1 Password generation rules (general)
a. Passwords must be at least 6 characters long and at least 3 of these characters must be numbers.
b. Must contain at least three of the following characters;
c. Capital letters (eg ABCDEF…)
D. Lowercase, (eg, abcdef …)
to. Number, (ex: 1234566890)
f. Punctuation (eg: !?., etc.)
I. Special characters (Ex: @#$%^&*()_+|~-=\`{}[]:”;'<>/ etc.)
k. Passwords should not be created as follows;
It should not contain personal information (such as family members’ names, dates of birth, phone number or address information)
l. Words or strings of numbers should not be used. (Ex; aaabbbb, qwerty, zyxwvuts, 12345668, 123321, etc.)

1.2. Password generation rules (System)

a.All user accounts have a password.
b. It is ensured that the passwords of new user accounts are defined in accordance with the rules by the user when logging in for the first time.
c. It is ensured that the typed password is not visible on the screen or is masked.
D. User passwords are protected by irreversibly corrupting (for example Hash) where they are stored, thus preventing even the most authorized people from seeing the user password.
to. A record of successful and unsuccessful access to information resources is kept, as well as the date, time and details of the accessed resource.
f. When users leave the systems they have logged in by authenticating (in case the system is left on after logging into the system with a password), it is automatically shut down (locked) after 10 minutes at the latest.
g. Credentials transmitted over public or shared networks are protected by strong encryption methods (SL).
h. Passwords suspected of being learned by others are changed immediately.
I. Critical resources can be accessed with a triple password, so that a single user is not allowed to create a security breach in the system. (for example, records such as access to information sources cannot be accessed by even the most authorized user alone, a committee of 3 of these authorized users can access critical information by entering their own passwords at the same time)

2. INTERNET USE POLICY

a. No user will be able to use the services on the internet through a peer-to-peer connection.
(For example; KaZaA, iMesh, eDonkey, Gnutella, Napster, Aimster, Madster, FastTrak, Audiogalaxy, MFTP, eMule, Overnet, NeoModus, Direct Connect, Asquisition, BearShare, Gnucleus, GTKGnutella, LimeWire, Mactella, Morpheus, Shareaza, XoLoX, OpenNap, WinMX. etc.)

b. ICQ, MIRC, Messenger, etc., except for official calls over the computer-to-computer network. not using chat programs such as messaging and chat programs. Files should not be exchanged through these chat programs.

c. No user will be able to do Multimedia Streaming (Video, mp3 broadcast and communication) over the internet. Since this internet access consumes bandwidth, it creates problems for other users to access data.

D. It is forbidden to browse excessively non-work related sites during working hours.

to. It is forbidden to upload and download (download) high volume files that are not related to work (music, video files) and store them on computers.

f. Internet needs of those who come to visit our company for any reason will be met through a separate allocation line. They will certainly not be included in the main system network.

g. No software can be downloaded from the Internet without the knowledge of the system administrator, and these software cannot be installed on corporate systems.

h. Websites that are contrary to general morality should not be accessed through computers and files should not be accessed.

CONTACT

We welcome you to contact us for more information
about any of our development or services.