Information Security Policy

As İPEK PAMUK: our goals are to protect the trustworthiness and the image that our position represents, ensuring the eligibility of contracts signed with third parties, providing security for all physical and electronic information entities used in information services, in order to ensure the continuity of core and supportive work activities of our company with minimum setbacks.

Risk management framework encompasses identifying, reviewing and processing information security risks. Risk reviewing, statement of applicability and risk processing plan define how information security risks are controlled. Management Representative is responsible for executing and realising this plan.

As İPEK PAMUK: we declare that the management supports ensuring the execution of the “Information Security Policy” and performing the necessary controls, and carrying out the necessary sanctions in cases of security violations.

Our company will constantly improve ISMS by using its information security policy,goals, audit results, analysis of observed events, corrective actions and reviews.

Everyone that uses information processing infrastructure and everyone that accesses information sources:

Must ensure the privacy of the information that belongs to the company in cases of personal and electronic communications and in exchanges of information with third parties, must back up processed information according to their criticality levels, must take the precautions that are detected according to risk levels, must report and inform the relevant entities about information security violations, and must take precautions to prevent these violations. Interoffice information resources (notices, documents etc.) cannot be transmitted to third parties without authorisation. Company information resources cannot be used in activities that violate the Turkish law and any regulations related to these laws. All company employees and external parties identified in the ISMS are responsible for abiding by this policy and any ISMS policies, procedures and instructions that practice this policy.