Aim
Purpose of Information Security Policy Doğuş HangerTo ensure business continuity and reduce the impact of potential threats, to prevent information security incidents or minimize the risk of damage.
In this context, the Information Security Management System was established and it was aimed to comply with the ISO 27001:2013 standard.
Scope
This policy covers the information assets within Doğuş Askı. It is implemented by employees in all locations, suppliers / contractors inside and outside the location.
Responsibility
Information Security The Board of Directors is responsible for keeping the risks to the company's information assets at an acceptable level approved by the senior management within the scope.
Policy
- The goal of the policy is to protect the company's information assets against internal and external intentional or unintentional threats.
- Doğuş Askı General Coordinator has approved this policy.
- The Information Security Policy secures all the following requirements:
- Defining processes and information assets and carrying out their risk assessments methodologically
- Protection of information from unauthorized access
- Ensuring the confidentiality of information
- Protecting the integrity of information
- It is possible to access information whenever business processes need it.
- Fulfillment of legal obligations and legal obligations arising from contracts
- Developing and improving business continuity plans
- Providing Information Security training to all employees
- Ensuring that all Information Security violations or suspected violations are reported to the Information Security Board of Directors and examined.
- Procedures and associated instructions have been defined to support this policy.
- Information Security is provided by taking into account business needs.
- The Information Security Board of Directors ensures the development, documentation and continuous improvement of this policy and all related documents and the Information Management System.
- All management staff are responsible for ensuring that the units they manage comply with this policy and related procedures.
- Compliance with the Information Security Policy is mandatory for all employees.