Last Updated: 24.04.2026
The Information Technology Department is technically responsible for ensuring the confidentiality, integrity and availability of information assets within Hasan Kalyoncu University. Our work is carried out under the ISO/IEC 27001:2022 Information Security Management System (ISMS) framework conducted across our University.
Our ISMS Certification Journey
- 2020: Information Security Management System activities initiated
- 11 August 2021: Initial ISO 27001 certification
- 2024: Recertification with ISO 27001:2022 new version
- 2025: 1st interim surveillance audit – certificate continuity maintained
IT Department’s Areas of Responsibility
Technical Controls
KVKK m.12 technical measures:
- Access Control: Role-based access control (RBAC), least privilege principle
- Authentication: Multi-factor authentication (MFA), strong password policy
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Network Security: Firewall, IDS/IPS, VLAN segmentation, DDoS protection
- Endpoint Security: Antivirus, EDR, MDM
- Logging and Monitoring: SIEM-based central log management, compliant with Law No. 5651
- Backup: According to the 3-2-1 rule (3 copies, 2 different media, 1 offsite)
- Disaster Recovery: RTO/RPO targets, annual DR tests
- Patch Management: SLA for critical patches, planned maintenance
Administrative Controls
- Secure software development processes
- Supplier risk assessment
- Data classification and labeling
- Incident response procedures
- Business continuity plans
Incident Response
If you experience an information security incident:
- Notification via DESK: https://desk.hku.edu.tr
- In case of emergency: 0(342) 211 8002
- If KVKK violation is suspected: kvkk@hku.edu.tr
Cyber security incidents are also reported to USOM.
Reference Documents
- KYS.POL.02 – Information Security Policy (official PDF)
- KYS.POL.05 – Retention and Disposal Policy
- University KVKK Main Page
Contact Us
For your information security questions: destek@hku.edu.tr