PURPOSE, SCOPE AND ADOPTION OF INFORMATION SECURITY BY MANAGEMENT
İZBAŞ accepts corporate information as an extremely valuable asset. Information is critical to the sustainability of our business activities and must be properly protected. İZBAŞ aims to minimize the risks that may arise regarding the Confidentiality, Integrity and Usability of corporate information and the effects of these risks by applying the Information Security Management System (ISMS) ISO 27001 standard.
This policy has been approved by İZBAŞ General Manager.
İZBAŞ has adopted the following issues in particular:
İZBAŞ's Information Security Policies are valid and mandatory for all İZBAŞ personnel using İZBAŞ information or business systems, regardless of geographical location or business unit, whether full-time or part-time, permanent or contracted. All persons, such as third party service providers and their affiliated support personnel, who do not fall under these classifications and need access to İZBAŞ information, must adhere to the general principles of this policy and other security responsibilities and obligations they have to comply with.
RESPONSIBILITIES OF ALL EMPLOYEES
The purpose of Information Security and this policy is to protect, maintain and manage the confidentiality, integrity and availability of information and all support business systems, processes and applications. This means keeping the information of İZBAŞ in the authorized hands; ensuring that the information is complete, accurate and usable; and ensuring that the information and systems are ready for use when necessary. For this reason, all İZBAŞ and its employees are responsible for performing their work in a way that ensures that the information is protected within İZBAŞ, regardless of their position or duties.
In addition to ensuring that the information of İZBAŞ is complete, accurate and ready to use, all İZBAŞ personnel must also comply with the principles of protection of confidential information and İZBAŞ Business Ethics.
İZBAŞ undertakes to take the measures specified in the Personal Data Protection Law and to work in full compliance with the Personal Data Protection Law.
POLICY OWNERSHIP AND PROVIDING GUIDANCE IN INFORMATION SECURITY
The functional ownership of this policy and all standards and other supporting documents and training activities will be carried out by the IT Officer and will also be a source of advice and guidance regarding the implementation of the policy throughout İZBAŞ.
The IT Officer will ensure that all employees receive appropriate training to ensure an appropriate level of awareness of Information Security issues and will guide them in handling information security incidents in general. Where necessary, it will ensure that this policy is supported by detailed standards, procedures and processes and is ready for use as needed. It will also be responsible for ensuring that these policy requirements are passed on to all employees (permanent or periodic) and all contractor personnel.
The Information Processing Supervisor shall be responsible for the establishment and continuity of the general management framework related to Information Security and for the continuous review of this policy in such a way as to ensure that it lives up to date and continues to reflect the changes in the risk environment or threats faced by İZBAŞ's business-related requirements or information and information systems.
Information Security policies are reviewed at least once a year in parallel with the asset and risk updates made to reflect the current risks faced by İZBAŞ information assets. Information Security Policies are updated by making new necessary additions to keep new risks and changes in risks under control. In addition, any İZBAŞ employee may request the IT Officer to change the policies in order to improve the Information Security Policies and better reflect the controls required by İZBAŞ. Requests are handled and evaluated by the IT Officer.
The principles of Information Security Policy should be applied in parallel with the Rules of the Personnel Regulation of İZBAŞ Human Resources. Employees are also responsible for being aware of and complying with the Information Security Policy.
SUPERVISION AND COMPLIANCE WITH POLICIES AND RESOLUTION OF NON-COMPLIANCE
Each unit manager is primarily responsible for taking the necessary measures to ensure compliance with the Information Security Policy and monitoring the system.
The IT Officer is responsible for the periodic inspection and reporting of compliance with all published policies and procedures and related standards, especially the Information Security Policy.
Violations of the Information Security Policy may cause İZBAŞ to be harmed as a result of the failure to implement the necessary controls against the risks, as well as to incur criminal liability according to the new Turkish Penal Code and to compensate for material damages. Therefore, such violation may also be a violation of İZBAŞ Disciplinary Procedure and may result in disciplinary action. Violations of the Information Security Policy determined as a result of both surveillance, inspection and notification may result in internal disciplinary penalties that may be applied until the termination of employment or even the initiation of judicial and criminal legal proceedings.
Working together on the implementation of this policy will help to continuously protect our knowledge and reputation and ensure the continuity of the success of our business.
İZBAŞ Information Security aims to protect İZBAŞ's reputation, reliability and information assets, and to ensure that basic and supportive business activities continue with the least possible interruption:
Each İZBAŞ employee is responsible for contributing to these goals.
İZBAŞ İZMİR SERBEST BÖLGE KURUCU VE İŞLETİCİ A. Ş. © 2022 | ALL RIGHTS RESERVED.