In line with the purpose of our ISMS Policy, we, as senior management, undertake to ensure the following:
To protect the information assets of ESTAŞ ELDİVEN against all kinds of threats that may occur knowingly or unknowingly, from inside or outside, to ensure accessibility to information as necessary through business processes, to meet the requirements of legal regulations, to work for continuous improvement, with Information Technology, Administrative Affairs and Purchasing. Customs and foreign trade transactions in the Human Resources branches and the information assets of the logistics, storage, accounting, finance and information processing activities related to these transactions and the security measures used to protect these assets, customs and foreign trade transactions within the scope of TS EN ISO/IEC 27001:2013 standard and To establish an Information Security Management System, the information assets of logistics, storage, accounting, finance and information processing activities related to these transactions and the security measures used to protect these assets,
To ensure the continuity of the three basic elements of the Information Security Management System in all activities carried out;
Confidentiality: Preventing unauthorized access to important information,
Integrity: Demonstrating that the accuracy and integrity of the information is provided,
Accessibility: Demonstrating that those with authority can access information when necessary,
To protect, store and process all personal data that ESTAŞ ELDİVEN downloads and stores in accordance with the Personal Data Protection and Processing Policy prepared under the Personal Data Protection Law,
Not only the data kept electronically; To deal with the security of all data in written, printed, oral and similar media,
To raise awareness by giving Information Security Management trainings to all personnel,
Reporting all actual or suspicious vulnerabilities in Information Security to the ISMS Team and ensuring that they are investigated by the ISMS Team,
Preparing, maintaining and testing business continuity plans,
To determine the existing risks by making periodic evaluations on Information Security. As a result of the evaluations, to review and follow up the action plans,
To prevent all kinds of disputes and conflicts of interest that may arise from contracts.