Objective:
This policy aims to ensure the business continuity of RHG Enertürk Enerji and to minimize the damages and risk arising from security breach incidents.
Scope:
This policy covers the information security management system, employees and business functions of RHG Enertürk Enerji.
Information Security Policy
It is the policy of RHG Enertürk Enerji to provide the following provisions.
• RHG Enertürk Enerji ensures the confidentiality, integrity and accessibility of the information of all relevant parties,
• RHG Enertürk Enerji maintains an up-to-date asset inventory of all assets that process, store, or transport information and information assets. Conducts risk analysis regarding the assets in this asset inventory and takes measures to minimize the risks for these risks,
• Confidentiality of the information is ensured only by granting access within the authority,
• The integrity of the information is ensured by protecting it against unauthorized changes and recording the changes performed,
• When information is needed, its accessibility is ensured by making it available to authorized users,
• All policies and procedures that support this policy are implemented by each unit. All legal requirements are fulfilled,
• Awareness raising is provided by providing continuous training on Information Security for all employees,
• All Information Security vulnerabilities and detected suspicious situations are reported to the relevant persons. Continuous improvement and controls are provided by the relevant authorities.
Applicability:
The entire RHG Enertürk Enerji employees in any relationship with the information assets covered by the Information Security Management System are responsible for implementing this policy and will have the support of the RHG Enertürk Enerji management who has approved the policy.
Goals:
1. Identifying the value of information assets through appropriate risk assessment, understand their vulnerabilities and threats that may put them at risk, and reducing risks to acceptable levels.
2. Fulfilling the requirements in relevant laws through the design, implementation and maintenance of the Information Security Management System.
3. Maintaining the Credibility and image of the organization.
4. Complying with all customer agreement terms related to Information Security.
5. Ensuring the Business continuity of the organization.
6. Ensuring and maintaining compliance to TS ISO IEC 27001.
Continuous Improvement:
RHG Enertürk Enerji continuously improves the Information Security Management System by using audit results, analysis of monitored information security incidents, corrective actions and management reviews.
IS Board Meeting:
Held in accordance with the procedure indicated in the ISMS Roles and Responsibilities document.
Responsibilities and Sanctions:
RHG Enertürk Energy management establishes this policy, ensures its implementation and reviews it. The entire RHG Enertürk Enerji employees are responsible for complying with this policy and the procedures and instructions supporting this policy. Management shall apply one or more of the sanctions such as warning, reprimand, fine and termination of the employment agreement for the personnel of the organization in case of non-compliance with the Policies, Procedures and Instructions established within the scope of the Information Security Management System.
In case of violation of RHG Enertürk Enerji security and operation policies by the personnel, necessary disciplinary measures are taken by RHG Enertürk Enerji management. In case RHG Enertürk Enerji or the persons it provides services sustain harm in any way due to such violations, RHG Enertürk Enerji management may compensate the responsible personnel for the damage.
RHG Enertürk Enerji is subject to any intentional act, disciplinary action and/or legal action that will jeopardize the security of information belonging to its customers or suppliers.
The Information Security Manager supports the implementation of this policy through appropriate standards and procedures. RHG Enertürk Energy Information Security Board updates the ISMS infrastructure and ensures its continuity.
The entire staff and contract suppliers are subject to an information security policy. The entire personnel are responsible for reporting security incidents and reporting identified vulnerabilities.
Review:
This policy is regularly reviewed by the RHG Enertürk Energy Information Security Board once a year, taking into account significant security vulnerabilities and threats, and based on controls related to process or technical infrastructure changes. This policy, which is reviewed and updated, is approved by RHG Enertürk Energy Management. Reviews include the structure and effectiveness of recorded security vulnerabilities, the impact of audits on work efficiency, and the effects of technological change. As RHG Enertürk Energy Management, I declare that the management supports the implementation of the "RHG Enertürk Energy Information Security Policy", its controls and the enforcement of the necessary sanctions in security violations.