Information Security Policy

Faydasıçok Holding Inc. and its group companies aim to establish, implement, and continuously improve an Information Security Management System (ISMS) to ensure the Privacy, Integrity, and Accessibility of its information assets.

In this context, the company commits to:

• Identifying the Information Security Needs of relevant parties and requirements, and taking necessary controls within the framework of risk analysis,
• Creating and announcing Policies, Procedures, and instructions for managing and keeping the Risks associated with ISMS under control,
• Increasing awareness of Information Security among personnel,
• Ensuring the presence of a sufficient number of personnel related to ISMS or increasing the knowledge level of existing personnel,
• Providing guidance and support to individuals to contribute to ISMS effectiveness,
• Supporting management roles related to ISMS for individuals to demonstrate leadership in their areas of responsibility,
• Ensuring the allocation of resources required for ISMS at an acceptable level within the framework of risk analysis,
• Identifying information assets,
• Analyzing risks associated with information assets,
• Selecting and implementing appropriate controls for analyzed risks,
• Creating and improving an “Applicability Statement” by associating the selected controls with controls specified in ISO 27001:2013 Annex A,
• Regularly measuring the performance of applied controls to determine their effectiveness,
• Conducting Regular Internal Audit Activities covering ISMS,
• Taking corrective actions and measures regarding non-compliance without delay,
• Conducting Regular Management Review Meetings to improve ISMS.
• Our commitment to ISMS infrastructure in all our activities also adheres to the principles of Independence, honesty, impartiality, confidentiality, and reliability.

All personnel and third-party company employees must comply with the documents within the management system within the framework of their duties and responsibilities.