Information Security Policy

Gözen Security is committed to information security in line with its objectives, values, and strategic targets by adopting Gözen Holding’s policy.

Gözen Security (Corporation) management aims;

• To protect the reliability and image of the corporation
• To make sure that the contracts made fulfill the information security requirements, and
• To ensure the continuance of the fundamental and supportive activities of the corporation with minimum interruption.

Gözen Security, within this scope, undertakes to take measures in order to ensure and protect the confidentiality, integrity, and accessibility of the information assets of the corporation.

Defining, evaluating, and processing the information security risks are addressed under the risk management of the corporation.

Everyone who uses the information technology infrastructure and accesses the information sources of the corporation:

• Ensures the confidentiality of the information belonging to the corporation in personal and electronic communication and the information exchange with third parties, and,
• Backs up the information he/she processes according to the levels of criticality, and
• Takes the security measures determined according to the risk levels,
• Has information about the information security violations, does not commit violations, and reports any information security incidents observed to the Information Security unit,
• Does not share the internal information sources with unauthorized persons, and does not use them for activities violating the Republic of Turkey laws and related regulations.

Employees of the corporation, and external parties such as third parties, suppliers, customers, and visitors are required to comply with this policy and the other policies, procedures, and instructions ensuring the implementation of this policy.

Gözen Security management is responsible for supporting the information security infrastructure and maintaining its operation.

Corporation undertakes to give “Information Security Awareness Training” to all employees in the form of e-training or classroom training in order to ensure awareness, to continuously improve information security, and to meet the legal regulations and arrangements and the applicable expectations of the related parties.

In case of any failure to observe and comply with the information security policies, procedures, and instructions, then the sanctions such as warning, reprimand, and termination of the contract shall be applied as per the personnel regulations of the Corporation.

Corporation’s top management is ready to provide any support in order to protect the information assets according to the rules in the Information Security Policy, create information security awareness, establish a common corporate culture, determine the risks, and take the necessary actions to minimize the weaknesses, and execute the applicable sanctions in case of security violations.

Corporation ensures compliance with the Information Security requirements by internal and external inspections, reporting the inspection results to the management, and taking the actions related to such results.