Information Safety Policy
Faydasıçok Holding A.Ş. and group companies aim to establishment, implementation and continuous improvement of Information Security Management System (BGYS) for the protection of Confidentiality, Integrity and Accessibility of their information portfolio.
In this context, we undertake:
- To determine Information Security needs of related parties and establish necessary controls within the compass of risk analysis,
- To form Policies, Procedures and Instructions and disseminate the same for the management of Risks related to BGYS and for keeping them under control,
- To improve Information Security awareness of personnel,
- To appoint adequate number of personnel related to BGYS or to increase the level of knowledge of existing personnel,
- Directing and supporting persons for their contribution to BGYS activities,
- Supporting management roles related to BGYS to enable them to display their leadership in their own areas of responsibility,
- To ensure allocation of necessary resources needed for BGYS and at an acceptable level within the framework of risk analysis,
- Determination of Information portfolio,
- Analyzing of risks related to information portfolio,
- Selecting and implementing appropriate controls related to analyzed risks,
- Forming an “Applicability Declaration” by matching selected controls with controls indicated in ISO 27001:2013 Annex A and its improvement,
- Consistent measurement of performance of implemented controls and determination of their effectiveness,
- Performing regular internal audit activities that include BGYS,
- Taking corrective action and precautions regarding non-conformance without delay,
- To improve BGYS by holding regular Management Review Meetings.
As it is the case in all activities of our company, in BGYS infrastructure works are carried out by compliance to self-reliance, righteousness, objectivity, confidentiality and reliability principles.
All personnel and third party firm employees are obliged to comply with documents included in management system within the framework of their duties and responsibilities.