INFORMATION SECURITY POLICY
We are aware of our responsibility in ensuring information security regarding the use, processing, production, protection, storage, and backup of information and other related assets.
Integrating administrative, legal, and technological regulations into the organizational culture aims to establish a structure that possesses preventive, detective, and corrective attributes against intentional or unintentional loss, unauthorized access, or improper use, ensuring the confidentiality, integrity, and availability of information and other related assets belonging to our organization or stakeholders in a sustainable manner.
In line with this understanding,
- - Ensuring compliance with national or international laws, regulations, sectoral requirements, standards, and contractual obligations at every stage of our operations,
- - Regulating authorizations according to the “Need-to-Know Principle” to ensure the security of information assets under our responsibility in written, printed, logical, or similar media,
- - Defining authority, roles, and responsibilities for establishing, operating, and continuously improving the Information Security Management System (ISMS) and regularly reviewing applicable requirements,
- - Identifying risks associated with threats within the framework of the importance, value, and vulnerabilities of information and related assets,
- - Determining the necessary requirements to eliminate or mitigate identified risks, thereby contributing to business continuity and information security,
- - Defining and diligently implementing policies, procedures, and related documentation prepared with sensitivity toward the protection of information and related assets,
- - Regularly measuring and auditing the effectiveness and efficiency of information security management and implementing necessary improvements within the philosophy of continuous improvement,
- - Recognizing that people are the most important element in ensuring information security, integrating information security awareness into our organizational culture through training, seminars, and various awareness activities for our employees and, when necessary, other stakeholders, and monitoring the outcomes,
- - Protecting the reliability and brand image of our organization.
As Senior Management, we are committed to providing all necessary resources to ensure the effective operation of the Information Security Management System in accordance with relevant standards and regulations.
General Manager