Our Information Security Policy

Our Information Security Policy

Objective
The purpose of the Information Security Policy is to prevent information security incidents or minimize the risk of damage in order to ensure the business continuity of TİHCAD and its affiliated group companies and to reduce the impact of potential threats. In this context, the Information Security Management System has been established and it is aimed to comply with the ISO 27001:2013 standard.

Scope
This policy covers the information assets within TİHCAD. It is applied by employees at all locations, in-location and off-location suppliers / contractors.

Responsibility
The Information Security Management Board is responsible for keeping the risks to the company's information assets at an acceptable level approved by the senior management within the scope.

Policy
The objective of the policy is to protect the company's information assets against internal and external intentional or unintentional threats. The General Chairman of the Board of Directors of TİHCAD has approved this policy.

The Information Security Policy ensures all the following requirements:
- Identification of processes and information assets and methodological realization of risk assessments related to them
- Protection of information from unauthorized access
- Ensuring confidentiality of information
- Protecting the integrity of information
- Possibility to access information whenever business processes need it
- Fulfillment of legal obligations and contractual obligations
- Developing and improving business continuity plans
- Providing Information Security trainings to all employees
- All Information Security breaches or suspected breaches should be reported to
- Ensuring that it is notified to and reviewed by the Safety Management Board
- Procedures and related instructions have been defined to support this policy.
- Information Security is ensured by considering business needs.
- The Information Security Management Board is responsible for this policy and all related documents,
- It ensures the development, documentation and continuous improvement of the Information Management System.
- All management staff are responsible for ensuring that the units they manage comply with this policy and related procedures.
- Compliance with the Information Security Policy is mandatory for all employees.