Information Security Policy
- Information security risks are assessed by all departments/functions of the company in line with Çelebi Group policies, which are published on Çelebi Group’s intranet. Each department/function shall be aware that it shares the responsibility for assessing Information Security risks. The priority of risks shall be determined, and necessary measures shall be taken.
- Confidentiality, integrity, and accessibility should be maintained at all levels in accordance with the requirements of the work and the business, including but not limited to the processing, transmission and storage of the relevant information.
- The Top Management shall allocate sufficient resources to bring the security measures of the information systems to the appropriate level and ensure that the necessary security controls are established in accordance with this and Information Security related procedures.
- The establishment of security measures is based on the layered security architecture to protect against multiple threat vectors through multiple layers of security.
- The IT department ensures that current developments in security, new threats and vulnerabilities are monitored and that the necessary software updates and patches are applied.
- The IT department ensures that incidents related to Information Security violations are monitored continuously and reviewed periodically.
- The use of reliable, objective information and of all possibilities of technology is given importance and priority in decisions and actions. It is guaranteed that the data in the current IT systems shall be up to date and accurate.
- Any and all customer information, patentable, copyrightable, trade secret, know-how and other proprietary information, licenses, account information, pending patent applications, concepts, designs, techniques, specifications, sketches, drawings, models, inventions, apparatuses, equipment, financial data, marketing plans, hardware and software, organization, infrastructure, processes and technology information, whether in oral, visual and/or written form, are protected by accurate and updated security measures.
- Information systems and the data processed, stored and transmitted on information systems are classified according to their degree of security sensitivity, and information ownership is assigned. The appropriate level of security controls is established for each information classification by the Information Asset Owner.
- Each department within Çelebi Group should be the custodian of the data it generates and uses to conduct its business.
- Information is not shared without written approval from the Information Asset Owner.
- Each Employee is responsible for marking the Information Asset and any Corporate Information that has a confidential nature.
- Employees are prevented from unauthorized access to information assets by the necessary measures implemented on IT systems.
- The IT department ensures that appropriate security measures are taken to protect the IT systems against network attacks.
- The Corporate Information shall only be used for Çelebi Group’s purposes, interests, values and principles approved by the Top Management.
- In order to provide each of our customers with appropriate, high-quality solutions in line with good commercial and industrial practice, Çelebi Group takes all necessary measures to keep its infrastructure and systems up and running. The relevant legal requirements are followed and applied by all units and functions of Çelebi Group.
- A penetration test of company information systems is performed by an appropriate and qualified team at least once a year. Actions are planned and implemented accordingly.
- Information Security requirements are defined by procedures and are regularly communicated to all Employees and related third parties. Çelebi Group takes all necessary measures to ensure that all Employees comply with these procedures and that each Employee has direct access to this procedure.
- Employees receive information security awareness training at least once a year.
- This procedure applies to Çelebi Group, related third parties and their employees. Each party is primarily responsible for fulfilling the requirements of this procedure.