INFORMATION SECURITY POLICY
1. ISO 27001 INFORMATION SECURITY MANAGEMENT SYSTEM COMPLIANCE
Our information security management system is managed to meet the requirements of the ISO 27001 standard. This includes the establishment and documentation of policies and standards, allocation of necessary resources, and continuous improvement. For this purpose, we define policies and standards, document them, and allocate necessary resources to ensure our processes are continuously evolving.
2. INFORMATION SECURITY AWARENESS and TRAINING
We increase awareness by organizing information security training that will enhance employees' technical and behavioral competencies. These trainings are aimed at preventing information security breaches and adopting best practices.
3. BUSINESS CONTINUITY and EMERGENCY MANAGEMENT
We prepare comprehensive business continuity and emergency plans to ensure the continuity of our services to our customers and our business continuity. We regularly test these plans. We are prepared for both potential disasters and cyber attacks.
4. CONFIDENTIALITY and DATA PROTECTION
We establish the necessary infrastructure and take measures to protect the confidentiality of private information belonging to our company, our employees, and our customers. We develop procedures to ensure the safe storage, processing, and destruction of all data when necessary. In accordance with Turkish Law No. 6698 on the Protection of Personal Data (Turkish KVKK / International GDPR), personal data are processed lawfully, accurately, and kept up-to-date as necessary, specific, clear, and legitimate, related to the purposes for which they are processed, limited and measured; they are preserved for the period stipulated by law or necessary for the purpose for which they are processed.
5. MANAGEMENT OF SECURITY BREACHES
We effectively manage possible security breaches and apply appropriate sanctions when necessary. We implement necessary preventive and corrective actions to prevent the recurrence of potential breaches. In the event of a breach, we make the notifications required by law.
6. CONTINUOUS IMPROVEMENT and EVALUATION
We continuously improve and sustain the effectiveness of our information security management system by regularly conducting evaluations, assessing continuous improvement opportunities, and implementing them. We develop a proactive stance against information security threats and take up-to-date measures against all threats.
7. COMPLIANCE WITH LEGAL REQUIREMENTS
We adopt a systematic approach to identifying risks related to our company's processes and managing them in compliance with laws. We ensure compliance with all legal legislations, customer requirements, and the requirements of our business partnerships.
Document number: POL-005-01
Last revision date: 19.12.2023
