Data Security Policy

Aim

The purpose of the Data Security Policy is to prevent information security incidents or minimize the risk of damage in order to ensure LOCCO…. ŞTİ. business continuity and reduce the impact of potential threats.

In this context, a Data Security Management System was established and aimed to be compliant with the ISO 27001:2013 standard.

Scope

This policy covers the information assets within LOCCO…. ŞTİ. It is applied by employees in all locations, and by suppliers/contractors inside and outside the location.

Responsibility

The Information Security Management Board is responsible for the establishment and operation of the Information Security Management System in accordance with the ISO 27001:2013 standard, which will ensure that the confidentiality, integrity and accessibility values ​​of company information assets are protected and that the risks to the processes are kept at an acceptable level approved by the senior management. It is also among these responsibilities that the Information Security Management System meets the requirements of the Personal Data Protection Law (KVKK).

Policy

  • The goal of the policy is to protect our companies' information assets, including their own data and data transmitted by stakeholders, against internal and external intentional or unintentional threats.
  • LOCCO…. ŞTİ coordinator has approved this policy.
  • The Information Security Policy ensures all the following requirements:
    • Defining processes and information assets and performing methodological risk assessments related to them.
    • Protection of information from unauthorized access
    • Ensuring confidentiality of information
    • Protecting the integrity of information
    • Enabling access to information whenever business processes require it
    • Fulfillment of legal obligations and legal liabilities arising from contracts
    • Developing and improving business continuity plans
    • Providing Information Security training to all employees
    • Reporting and investigating all Information Security violations or suspected violations to the Information Security Management Board.
  • Procedures and accompanying instructions have been defined to support this policy.
  • Information Security is provided by taking into account business needs.
  • The Information Security Management Board ensures that this policy and all related documents are developed, documented and continuously improved as part of the Information Security Management System.
  • All management staff are responsible for ensuring that the units they manage comply with this policy and related procedures.
  • Compliance with the Information Security Policy is mandatory for all employees.