Aim
The purpose of the Information Security Policy; Ibisa Gas Spring is to prevent information security threats or minimize the risk of damage in order to ensure the business continuity of companies and to minimize the impact of potential threats. In this context, it is aimed to establish an Information Security Management System and to comply with the ISO27001:2013 standard.
Content
This policy covers Ibisa Gas Spring information and data assets. It is applied by the employees in the facility, the suppliers inside and outside the location.
Responsibility
It is responsible for keeping the risks regarding company information and data assets within the scope of the Information Security Board of Directors at the level approved by the senior management.
Policy
The main objective of the Information Security Policy is to take precautions and protect the company's information and data assets against internal or external, intentional or unintentional risks.
The Information Security Policy ensures the following contents:
- Processes, information flow, identification of information and data assets and methodological realization of risk assessments related to them
- Protection of information from unauthorized internal and external accesses
- Ensuring the confidentiality of information
- Protecting the integrity of information
- Authorities have access to information whenever business processes need it
- Complete fulfillment of legal obligations and legal obligations arising from contracts
- Providing Information Security trainings to all employees
- Follow-up of all Information Security violations; in case of violation, reporting the suspected violation to the Information Security Board of Directors and ensuring that it is examined
Procedures and associated instructions have been prepared to support this policy. Information Security is provided by considering business processes and interdepartmental relations.
The Information Security Board of Directors ensures the development and continuous improvement of this policy and all related documents.
All management staff are responsible for the compliance of the units they manage and their subordinates with this policy and related procedures.
Compliance with the Information Security Policy is mandatory for all employees.