Information Security Policy
Effective date: 2026
1. Purpose
This Information Security Policy has been prepared by Most Idea Yazılım Sanayi ve Ticaret Limited Şirketi ("Most Idea" or the "Company") to explain the fundamental principles for protecting information assets in its software development, mobile application, web design, ERP, CRM, AI, digital transformation and technical support processes.
2. Scope
This policy covers the following information assets:
- Customer data
- Project documents
- Software source code
- Contracts and proposals
- System access information
- Server and hosting infrastructure
- CRM and ERP records
- Email systems
- Backup systems
- Log records
- Technical support records
- Corporate information assets
3. Information Security Principles
Most Idea adopts the following fundamental principles in information security management:
- Confidentiality
- Integrity
- Availability
- Authorization
- Traceability
- Data minimization
- Purpose limitation
- Business continuity
- Risk-focused approach
4. Access Control
Access to information systems is organized on a role-based basis. It is ensured that users can access only the systems and data necessary for their duties.
Access privileges are reviewed when necessary, and access is removed when duties change or the business relationship is terminated.
5. Authentication and Password Security
Strong password policies, multi-factor authentication, session security and unauthorized access prevention measures may be applied in Company systems.
Sharing passwords with third parties is prohibited.
6. Server and Infrastructure Security
Most Idea applies security measures in server, hosting, cloud, CDN, email, database and application infrastructure.
These measures may include firewalls, access restrictions, logging, updates, backup, encryption and security monitoring processes.
7. Software Security
Secure coding principles are observed in software development processes. Source code review, test processes, authorization controls, input validation, CSRF/XSS/SQL injection prevention and OWASP principles are taken into account when necessary.
8. Data Security
Personal data and customer data are protected against unauthorized access, loss, modification, disclosure and misuse.
Access control, encryption, data backup, masking, logging and secure transfer methods may be applied in this context.
9. Backup and Business Continuity
Backup processes are applied for critical systems and data. Restoration and recovery processes are planned for systems deemed necessary for business continuity.
10. Logging and Monitoring
System accesses, critical operations, security events and error records may be logged to the necessary extent. Log records may be kept for the purpose of security, auditing, error analysis and fulfilling legal obligations.
11. Supplier and Third-Party Security
Most Idea takes into account the security approaches of its suppliers and third-party infrastructure providers. Principles of confidentiality, data security and authorization limitation are applied in processes conducted with suppliers.
12. AI and Automation Systems
When using AI-powered tools, the protection of customer data and personal data is essential. Unnecessary personal data sharing is avoided, and due care is taken to ensure that sensitive personal data is not shared with AI systems.
13. Employee and Authorized Person Responsibilities
Company employees, consultants and officials are obliged to act in accordance with information security rules.
In this context, they are required to protect confidential information, refrain from unauthorized sharing, use secure passwords, ensure device security and comply with data confidentiality rules.
14. Incident Management
In the event of a security breach, data leak, unauthorized access or similar incident, the necessary technical and administrative actions are taken. Relevant persons and institutions are notified as required by legislation.
15. Policy Updates
This policy may be updated in line with technological developments, business processes and legislative changes.