Information Security

Kyla is committed to maintaining or eliminating risks to our information and privacy assets at an acceptable level and for continuous improvement. Kyla is aware that by having an effective information security management system, we can;

  • Provide assurances for our legal, regulatory and contractual obligations,
  • Ensure the right people, have the right access to the right data at the right time,
  • Be good data custodians.

Kyla has established information security objectives that align with its overall business objectives and
are reviewed regularly to ensure their continued relevance and effectiveness.
These objectives are supported by plans include identified risks, opportunities, and appropriate security controls to address them. Kyla’s Information Security objectives include but not limited to:

  • To ensure the confidentiality, integrity and availability of organization information including all personal data and personal health data based on good risk assessment, legal, regulatory and contractual obligations and business need.
  • To follow/monitor current cyber threats related our the activities and carry out counter-activities with a perspective that the monitored cyber threats will not cause any vulnerabilities, and compliance with the terms and legal requirements arising from the contracts will be ensured,
  • To ensure that the information security activities are carried out in an effective, correct, fast and safe manner,
  • To carry out information security and privacy related activities in accordance with the standards required by the sector,
  • To carry out our activities with the awareness of the risks on confidentiality, accessibility and integrity in accessing all kinds of corporate and personal information assets belonging to our company, customers, employees, contractors, suppliers and business partners,
  • To make the information security management system and information security awareness a corporate culture,
  • To conduct the preparation, implementation and testing of the necessary plans to ensure business continuity and service continuity,
  • To ensure that risks related to our information assets and processes are properly assessed and processed in accordance with accepted risk management methodologies,
  • To ensure the commitment to all our stakeholders that being in contact with special interest groups in order to benefit from the developing technologies and knowledge in our sector where we offer our services.

Version May 2023