The institution operates under the BÜYÜKÇEKMECE MUNICIPALITY, located at Fatih Mah. Şehremini Sok. No.1 Büyükçekmece/Istanbul/Turkey.

Büyükçekmece Municipality administration undertakes to ensure the security of the Information Technologies Directorate Information System assets and the employees who access these assets, security management, business processes, and the information systems structure and the services provided by the software, hardware, and service support providers. Information and information security requirements will be in line with corporate goals. ISMS will be a mechanism that reduces information-related risks to acceptable levels and enables information sharing.

The existing strategic business plan and risk management framework of Büyükçekmece Municipality fulfills defining, determining, evaluating, and controlling the relevant risks to establish and maintain the ISMS. The risk assessment, Applicability Statement, and risk response plan describe how information-related risks are controlled. The Director of Information Technologies, System Management Specialist, Hardware Support Specialist, and Information Security Manager are responsible for managing and maintaining the risk response plan. Additional risk assessments can be conducted, if necessary, to identify appropriate controls for specific risks. In particular, business continuity and contingency plans, data backup procedures, avoidance of viruses and hackers, access control systems, and information security breach reporting are essential to this policy. Specific, documented policies and procedures support control objectives for each of these areas.

All Municipality employees and certain external parties defined in the ISMS will receive the appropriate training following this policy and the ISMS implementing this policy.

ISMS is subject to continuous and systematic evaluation and improvement. Büyükçekmece Municipality has established an information security committee, which the senior management manages and includes the information security manager and other managers to support the ISMS framework and periodically review the security policy.

This policy will be reviewed at least annually to respond to changes in the risk assessment or risk response plan.

ISMS is an information security management system. This policy is a part of the system in other supporting related documents. The system has been designed according to the technical specifications specified in ISO27001:2013, and the senior management allocates necessary resources for continuous improvement.

A security breach is an event and activity that causes or may damage the usability, confidentiality, or integrity of the Institution's physical or electronic information assets.

 

ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS POLICY

 

“Büyükçekmece Municipality management has committed to ensuring business continuity throughout the organization and using all physical and electronic information assets efficiently.” Business continuity goals will be in line with the Minimum Business Continuity Objectives (MBCO) of the components of each service in terms of information technologies. These goals consist of the related components RTO: Recovery Time Objective and RPO: Recovery Point Objective. 

BCMS has arranged to cover all information and communication services provided by the institution to its customers. All principles regarding the subject have been conveyed to internal and external stakeholders.

The management goals include employing well-trained and competent personnel open to innovation and change, providing financing to compete with competitors in the sector, having sufficient equipment, and developing the infrastructure. Ensure full compliance with the legislation on the industry closely follows the relevant technological developments and takes precautions before problems occur with preventive activities that increase the service quality while performing daily operational works. BCMS policy will be reviewed when significant changes such as environmental changes, changes in the organization's business and structure will be reviewed.

Büyükçekmece Municipality's current strategic business plan and risk management framework is provided through the establishment and maintenance of BCMS. Risk assessment for BCMS is carried out with Component Failure Impact Analysis (CFIA) by the applicability statement and risk intervention plan in BCMS. The B3T team manager is responsible for the management and maintenance of the Risk Response Plan.

The principles on which the BCMS policy is based; Preventing interruptions to protect ICT services from threats such as environmental causes, hardware failures, operational errors, malicious code attacks, and natural disasters; identify incidents as soon as possible to minimize the impact on corporate services, reduce recovery efforts and maintain service quality; reacting swiftly to prevent a minor incident from escalating to more severe levels; Recovery based on recovery priorities and first recovery of the most critical services to ensure timely restart of services and maintain data integrity; it is based on continuous improvement that analyzes and reviews the lessons learned from events and thus provides better preparedness for incidents and disruptions.

Büyükçekmece Municipality has committed to obtain and sustain the ISO 22301 certificate for its own BCMS.

 

ISO 20000 INFORMATION TECHNOLOGIES SERVICE MANAGEMENT POLICY

 

Information Technology Service Management Policy; is a general policy that defines roles, deadlines, and responsibilities and engages closely with business, key suppliers, and senior management.

In this policy, the principle of continuous improvement provides a basis for the IT service management organization. Continuous improvement in the IT-SMS organization offers the most appropriate support for the business. It contributes to achieving expectations such as continuity, accessibility, and security at the optimum price. All related policies required by the job and primary forms for all activities are recorded in the Service Catalog. The purpose of creating an IT service management plan is to define the specific objectives of the following year for independent management activities (such as process review, user and citizen satisfaction surveys, budget planning, continuity tests).

Büyükçekmece Municipality creates value-added projects for citizens and beneficiaries and presents them to relevant parties.

The goal to be achieved in service management and needs is an unconditional citizen and beneficiary satisfaction. After the services provided for this purpose, periodically inquiry and measurement methods to determine the joy of the related parties were put into use.

In line with Büyükçekmece Municipality IT-SMS policy, offering IT services to citizens and all beneficiaries in the form of value-added technology solutions from a single point is a must for success. It is one of the main objectives to develop solution partnerships with the leading leaders of information technologies globally and work in close cooperation with the expert organizations in our country's information sector. To achieve this, it wants to develop and strengthen the certifications of its trained and highly experienced staff; thus, it is based on continuous improvement in service.

Büyükçekmece Municipality has committed to obtain and sustain the ISO 20000-2011 certificate for its IT-SMS.

These policies will be reviewed at least annually to respond to risk assessment changes or risk response plans.

• Evaluation of policies ISMS, IT-SMS, BCMS policies are reviewed at regular intervals or when significant changes occur to ensure consistency, adequacy, and effectiveness.
• IT Department Manager is the director of ISMS, IT-SMS, BCMS policies and has approved the management responsibility for developing, reviewing, and evaluating the policy.
• MUNICIPALITY has defined a procedure (P05) for the management review of ISMS, IT-SMS, BCMS policies, which includes continual improvement and evaluation of policy changes that may be necessary to respond to significant changes in the organizational, business, legal or technical environment.

All changes to the ISMS, IT-SMS, BCMS policies are subject to the approval of the Büyükçekmece Municipality senior management.