INFORMATION SECURITY MANAGEMENT SYSTEM

The main theme of TS EN ISO 27001:2013 Information Security Management System AVOD Dried GIDA AND TARIM ÜRÜNLERİ SAN. TİC. A.Ş. senior management establishes and executes the Information Security Management System to fulfill the requirements specified in ISO/IEC 27001 in order to realize the goals and policies determined within the scope of ISO27001. As a result of this commitment, it organizes information security awareness programs throughout the company and maintains infrastructure investments.

While establishing ISMS, the ISMS (Information Security Management System) Manager is appointed by the senior management with a letter of appointment. When the ISMS (Information Security Management System) Manager changes or leaves the job, the document is revised by the senior management and the appointment is made again. The senior management is authorized to determine and change the ISMS (Information Security Management System) Manager.

In this direction

Our ISMS Policy

Objective;

• Managing information assets, determining the security values, needs and risks of assets, developing and implementing controls for security risks
• Define the framework for identifying information assets, values, security needs, vulnerabilities, threats to assets, methods for determining the frequency of threats.
• Define a framework for assessing the confidentiality, integrity, availability impact of threats on assets.
• To set out the working principles for the processing of risks.
• Continuously monitor risks by reviewing technological expectations in the context of the scope served
• To ensure the information security requirements arising from national or international regulations to which it is subject, fulfilling the requirements of legal and relevant legislation, meeting its obligations arising from agreements, and corporate responsibilities towards internal and external stakeholders.
• To reduce the impact of information security threats to service continuity and contribute to continuity
• To have the competence to quickly intervene in information security incidents that may occur and minimize the impact of the incident
• To maintain and improve the level of information security over time with a cost-effective control infrastructure.
• Improving corporate reputation and protecting it from negative impacts based on information security
• To ensure the continuity of the Information Security Management System
• To continuously improve the Information Security Management System