The aim of Nartio’s Information Security Policy is to protect the institution’s reputation, reliability, and information assets, and to ensure the continuity of core and supporting business activities with minimal disruption.
To achieve this, Nartio commits to:
- Protecting the information assets it processes, stores, and shares with other organizations according to the principles of confidentiality, integrity, and accessibility.
- Managing its information assets by identifying their security value, needs, and risks, and implementing controls to address security risks. The organization is dedicated to developing and continuously improving the management system established for this purpose.
- Evaluating the risks arising from its activities in alignment with the institution’s vision and mission, and identifying the needs and opportunities for continuous improvement.
- Keeping pace with technological advancements and changes within the scope of services provided.
- Ensuring business continuity by mitigating the impact of information security risks.
- Complying with national and international regulations, legal and relevant legislative requirements, contractual obligations, and corporate responsibilities towards internal and external stakeholders.
- Having the competence to respond swiftly to any potential information security incidents and minimizing their impact.
- Maintaining and improving the level of information security over time with a cost-effective control infrastructure.
- Enhancing the institution’s reputation by protecting it from negative impacts related to information security.
- Safeguarding personal data in accordance with the Personal Data Protection Law.
- Conducting training to improve employee awareness and competence in information security, and providing necessary support to become an exemplary institution in the sector through integrated management systems.