Voluntary Participation (IPS) Auto Enrollment System (AES) Funds Legislation Data Center


Information Security Policy

Pension Monitoring Center (PMC) considers all the information it collects and processes, belonging to itself and its stakeholders, as critical assets and attaches utmost importance to its protection. All PMC employees and suppliers continuously protect from threats and risks all information systems that store corporate information, all media that contains corporate information, and all physical work areas.

The main purpose of corporate information security is to ensure that all information collected and processed by PMC is only used by authorized persons, maintained in full and accurately, and kept ready for use when needed. The main objective of corporate information security is to design, operate, monitor and continuously improve the necessary processes to prevent pecuniary and non-pecuniary damages that may occur due to the nature of PMC's corporate activities and affect PMC and its stakeholders, to detect them early if they occur, and to minimize their possible effects. All PMC employees and third parties working with PMC, regardless of position or duties, must comply with PMC's policies and procedures regarding information security.

It is imperative that third parties with access to PMC's corporate information systems and data and their affiliated personnel work in compliance with PMC's corporate information security guidelines and the information security responsibilities and obligations that have been or will be communicated to them.

PMC expects all of its employees, stakeholders and suppliers to comply with the following:

  • To ensure PMC’s full compliance with all laws, regulations, policies and procedures related to corporate information security;
  • To ensure and regularly check the confidentiality, integrity and availability of corporate information collected and processed by PMC;
  • To limit risks that may arise from loss, corruption or abuse of the corporate information owned by PMC;
  • To notify without delay the authorities within PMC of any information security-related incidents or vulnerabilities that may be noticed by Employees or third parties.

The manager of each department is principally responsible to take all measures and oversee the business operations in their areas of responsibility to ensure compliance with the corporate information security policies and procedures. PMC Information Technologies and R&D Department is the functional owner of the policies and procedures that involve information systems operations. As such, it is responsible for their internal dissemination, creation and implementation of the information security policy and system, while PMC is responsible for providing the necessary resources to ensure and maintain information security.

Violation of corporate information security policies and procedures is also considered a violation of the Code of Conduct, and, information security breaches identified as a result of monitoring, tip-off or audit, may result in disciplinary action or penal sanctions pursuant to the relevant legislation. PMC undertakes that it shall meet the applicable conditions regarding information security as an institution and continuously improve the Information Security Management System it maintains, operate its surveillance and audit activities effectively, create heightened awareness of information security through training and counseling, and ensure full participation in the process.

“Implementation of the Information Security Management System in compliance with the ISO/IEC 27001 standard will support the successful execution of the activities carried out or to be carried out by our Organization to securely and effectively operate the individual pension system determined by the Law and to protect the rights and interests of the beneficiaries. I thank all PMC employees and stakeholders for their continuous support and compliance with the corporate information security practices.”