NORANET Information Security has adopted the following objectives as policy in order to maintain the institution’s reputation, reliability, and protection of information assets, and to ensure the continuity of core and supporting business activities with minimal interruption:

• Protecting the institution’s processed, stored, and shared information assets in accordance with the principles of confidentiality, integrity, and accessibility.
• Managing information assets, developing, and continuously improving the established management system to identify the security values, needs, and risks of assets, and to implement controls for security risks.
• Assessing risks arising from activities in line with the institution’s vision and mission, determining continuous improvement needs and opportunities.
• Keeping up with technological developments and changes within the scope of services provided.
• Ensuring business continuity by reducing the impact of information security risks.
• Complying with national and international regulations, legal and regulatory requirements, obligations arising from agreements, and corporate responsibilities towards internal and external stakeholders.
• Being capable of promptly intervening in potential information security incidents and minimizing their impact.
• Maintaining and improving the level of information security over time with a cost-effective control infrastructure.
• Enhancing the institution’s reputation and protecting it from adverse effects based on information security.
• Preserving personal data within the scope of the Personal Data Protection Law.
• Conducting training to enhance employees’ awareness and competencies in information security, aiming to be an exemplary organization integrated with other management systems within the sector.

Each NORANET member is responsible for acting in line with these stated objectives and contributing to the system.