Information Security Policy

The main theme of TS EN ISO 27001:2013 Information Security Management System; “Information Security activities" In its activities; to demonstrate that information security management is provided within human, infrastructure, software, hardware, organizational information, third party information and financial resources, to secure risk management, to measure information security management process performance and to ensure the regulation of relations with third parties on issues related to information security.

In this direction, the purpose of our ISMS Policy is;

Managing information assets, determining the security values, needs and risks of assets, developing and implementing controls for security risks.
 
Defining the framework that will determined by the methods used to identify information assets, values, security needs, vulnerabilities, threats to assets, frequency of threats.
 
Defining a framework for assessing the confidentiality, integrity and availability impact of threats on assets.
 
ISO21434, ISO24004, ISO24034, IATF16949, Tisax Aiming to ensure compliance with regulations for the automotive industry.
 
Fulfilling the appropriate ISMS requirements to make our organization a global electronic system supplier in the automotive electronics industry.
 
Provide working principles for the processing of risks.
 
Constantly monitoring risks by reviewing technological expectations in the context of the scope of the service provided.
 
To ensure information security requirements arising from national or international regulations to which it is subject, to comply with the requirements of legal and relevant legislation, to fulfill its obligations arising from contracts, to fulfill its corporate responsibilities towards its internal and external stakeholders.
 
Reducing the impact of information security threats to service continuity and contributing to continuity.
 
Having the competence to react quickly to information security incidents that may occur and to minimize the impact of the incident.
 
Preserving and improving the level of information security over time with a cost-effective control infrastructure.
 
Improving corporate reputation and protecting it from negative impacts based on information security.
 
Continuously improving the Information Security Management System.
 
Complying with the regulations and laws regarding the protection of personal data, showing maximum effort for the protection of personal data
 
Rev. 02
TOP