
Information Security Policy

This policy aims to ensure the business continuity of Muradiye Electricity Generation Inc. and to minimize the risks and damages arising from security breach incidents.

Scope:

This policy applies to Muradiye Electricity Inc. and all companies within its scope and objectives, covering their information security management systems, employees, and business functions at the relevant locations.

The Information Security Policy of Muradiye Electricity Inc. and all companies within its scope aims to ensure the following:

The companies in question ensure the confidentiality, integrity, and availability of all information belonging to relevant parties.
All companies maintain an up-to-date asset inventory for all assets that process, store, or transmit information. Risk analyses are conducted on these assets, and preventive measures are implemented to minimize identified risks.
Access to information is granted strictly within authorized limits to maintain confidentiality.
The integrity of information is ensured by protecting it against unauthorized modifications and recording any changes made.
Availability is ensured by making information accessible to authorized users when needed.
All policies and procedures supporting this policy are implemented by each unit, and all legal requirements are fulfilled.
Continuous training and awareness programs on information security are provided for all employees.
All information security vulnerabilities and suspicious incidents are reported to relevant parties, who ensure ongoing improvement and controls.

I hereby commit that the above-mentioned items are fully supported by management.


Applicability:

All employees of Muradiye Electricity Inc. and all companies within its scope who have access to or influence over information assets covered by the Information Security Management System are responsible for the implementation of this policy, and the management of these companies that approve the policy commit their full support. 


Objectives:

1. To determine the value of information assets through appropriate risk assessment, understand their vulnerabilities and the threats that may put them at risk, and reduce risks to acceptable levels.
2. To fulfill legal requirements through the design, implementation, and maintenance of the Information Security Management System (ISMS).
3. To maintain the organization’s reliability and protect its corporate image.
4. To comply with all customer contract requirements related to information security.
5. To ensure the business continuity of the organization.
6. To ensure and maintain compliance with TS ISO/IEC 27001.

Continuous Improvement:

All companies within the scope and objectives of Muradiye Electricity Inc. continuously improve the Information Security Management System (ISMS) by utilizing audit results, analysis of monitored information security incidents, corrective and preventive actions, and management reviews.

IS Board Meeting:

It is carried out as specified in the ISMS Roles and Responsibilities document.

Responsibilities and Sanctions:

The management of all companies within the scope and objectives of Muradiye Electricity Inc. establishes this policy, ensures its implementation, and reviews it regularly. All employees of the relevant companies are responsible for complying with this policy and the supporting procedures and instructions. Management reserves the right to apply one or more sanctions, such as warnings, reprimands, fines, or contract termination, in cases of non-compliance with the policies, procedures, and instructions established under the Information Security Management System (ISMS). In the event of violations of security and operational policies by personnel, the management of all companies within the scope and objectives of Muradiye Electricity Inc. shall take the necessary disciplinary measures against the personnel. If such violations cause any damage to the companies or the parties they serve, the management of the relevant companies may hold the responsible personnel liable to compensate for the damage. Any deliberate actions by employees of all companies within the scope and objectives of Muradiye Electricity Inc. that may compromise the security of information belonging to customers or suppliers are subject to disciplinary action and/or legal measures. The Information Security Manager supports the implementation of this policy through appropriate standards and procedures. All companies within the scope and objectives of Muradiye Electricity Inc. maintain and update the ISMS IT infrastructure to ensure its continuity. All personnel and contracted suppliers are subject to the Information Security Policy. All employees are responsible for reporting security incidents and identifying and reporting any vulnerabilities.

Review:

The ISMS is managed in an integrated manner alongside other management systems we implement, with the aim of maintaining the reliability and corporate image of our brands and serving as a role model organization in terms of information security. As the management of all companies within the scope and objectives of Muradiye Electricity Inc., I hereby declare that the management supports the implementation of the Information Security Policy, ensures compliance with legal regulations, enforces necessary sanctions in case of security breaches, promotes continuous improvement, and provides the required resources to enhance information security processes.

Leadership:

The top management of all companies within the scope and objectives of Muradiye Electricity Inc. demonstrates leadership and commitment in relation to the Information Security Management System by fulfilling the following:
a) Ensuring the development of the information security policy and objectives and their alignment with the organization’s strategic direction.
b) Ensuring the integration of the Information Security Management System (ISMS) requirements into the organization’s processes.
c) Ensuring the availability of necessary resources for the Information Security Management System (ISMS).
ç) Communicating the importance of effective information security management and compliance with the requirements of the Information Security Management System.
d) Ensuring the achievement of the intended outcomes of the Information Security Management System.
e) Guiding and supporting individuals to contribute effectively to the performance of the Information Security Management System.
f) Supporting continuous improvement.
g) Supporting other relevant management roles to demonstrate leadership within their areas of responsibility.