Certification
Baseguard Bilişim Teknolojileri A.Ş. is certified against ISO/IEC 27001:2022 by SigmaCert DOO (IAS-accredited, IAF Multilateral Recognition Arrangement signatory).
- Certificate number: MTS-49858
- Date of initial registration: April 10, 2026
- Date of expiry: April 9, 2027 (subject to annual surveillance audits)
- Statement of Applicability: BGYS 29.12.2025 REV00
- Certification body: SigmaCert DOO, Gavra Vukovića BB, Podgorica, Montenegro
Scope: Data generated, stored, operated and transmitted within the product portfolio, as well as the Baseguard platform's software architecture, source code, encryption keys and certificates, network components, customer and user data access protocols, authentication, authorization and protection policies.
The certificate and supporting documentation can be requested from our Trust Center.
Purpose
The purpose of the Information Security Policy is to define the information security management framework and basic information security goals and principles, as well as emphasize the support provided by management to the information security management system.
The Information Security Policy aims to protect the physical and electronic information assets that affect global operation of the company to ensure employees act in accordance with the company's security requirements, increase their consciousness and awareness in a way that enables the basic and supporting business operations of the company to be maintained with minimum interruption, protect company reliability and prestige, and maintain compliance with the agreements signed with third parties.
Goals determined by management are regularly monitored and reviewed during Managerial Review meetings.
Scope
This policy covers the information assets within Baseguard Bilişim Teknolojileri A.Ş. It applies to employees at all locations, and to on-site and off-site suppliers/contractors.
Responsibilities
Employee Responsibilities
Company employees are responsible for:
- Completing the Information Security training assigned to them.
- Conducting their work in line with Information Security targets and policies, as well as the documents and owners of Information Security Management System documents.
- Paying attention to and reporting any Information Security Breaches observed or suspected on the systems or services.
- Ensuring that a Confidentiality Agreement is signed before data are shared with third parties, in addition to service agreements signed regarding the work conducted with them, and meeting the Information Security requirements.
Third-Party Responsibilities
Third-party employees and companies are responsible for:
- Processing, storing, anonymizing, and disposal of the data in line with this policy and the procedures and instructions within the scope of this policy.
- Confidentiality agreements.
- The content of the signed agreements.
- Current laws and regulations.
Our Commitments
As Baseguard Bilişim Teknolojileri A.Ş., we are committed to providing the following assurances to protect, keep up-to-date, and ensure the accessibility of our organization's and our stakeholders' information assets when needed:
- Securing any information necessary for our activities.
- Meeting the information security obligations resulting from national and international regulations and the legal requirements we are subject to.
- Contributing and continuously improving the information security of all employees by increasing their competences.
- Raising employee and third-party awareness of information security in order to protect their and their shareholders' information.
- Creating business continuity plans and taking the necessary measures against evolving information security threats by conducting risk analyses.
- Providing the necessary support and resources in order to ensure information security.
Contact Us
If you have any questions about this document, please contact us at: