Information Security Policy
Gözen Holding attaches great importance to information security in accordance with its objectives, values and strategic targets.
01Gözen Holding (Corporation) management aims;
- To protect the reliability and image of the corporation,
- To make sure the that the contracts made fulfill the information security requirements, and
- To ensure the continuance of the fundamental and supportive activities of the corporation with minimum interruption.
02Gözen Holding, within this scope, undertakes to take measures in order to ensure and protect the confidentiality, integrity and accessibility of the information assets of the corporation.
03Defining, evaluating and processing the information security risks are addressed under the risk management of the corporation.
04Everyone that uses the information technologies infrastructure and accesses the information sources of the corporation:
- Ensures the confidentiality of the information belonging to the corporation in personal and electronic communication and the information exchange with third parties,
- Backs up the information he/she processes according to the levels of criticality,
- Takes the security measures determined according to the risk levels,
- Has information about the information security violations, does not commit violation and reports any information security incidents observed to the Information Security unit,
- Does not share the internal information sources with unauthorized persons, and does not use them for the activities violating the Republic of Turkey laws and regulations.
05Employees of the corporation, and external parties such as third parties, suppliers, customers, visitors are required to comply with this policy and the other policies, procedures and instructions ensuring the implementation of this policy.
06Gözen Holding management is responsible for supporting the information security infrastructure and maintaining its operation.
07Corporation undertakes to give “Information Security Awareness Training” to all employees in the form of e-training or classroom training in order to ensure awareness, to continuously improve the information security, and to meet the legal regulations and arrangements and the applicable expectations of the related parties.
08In case of failure to comply with information security policies, procedures and instructions, sanctions such as warning, reprimand, termination of contract are applied pursuant to the corporation personnel regulations.
09Corporation’s top management is ready to provide any support in order to protect the information assets according to the rules in the Information Security Policy, create information security awareness, establish a common corporate culture, determine the risks and take the necessary actions for minimizing the weaknesses, and execute the applicable sanctions in case of security violations.
10Corporation ensures the compliance with the Information Security requirements by internal and external inspections, reporting the inspection results to the management and taking the actions related to such results.