Purpose

The purpose of the Information Security Policy is to ensure the business continuity of 3N AYDINLATMA and its affiliated group companies and to prevent information security incidents or minimize the risk of damage by reducing the impact of potential threats.

In this context, the goal is to establish an Information Security Management System that complies with the KVKK standard.

Scope

This policy covers the information assets within 3N Aydınlatma. It applies to all employees across all locations, as well as on-site and off-site suppliers/contractors.

Responsibility

The Information Security Management Board is responsible for ensuring that the risks to company information assets are kept at an acceptable level approved by top management.

Policy

  • The objective of the policy is to protect the company’s information assets against internal and external intentional or unintentional threats.
  • 3N Aydınlatma Management has approved this policy.
  • The Information Security Policy ensures the following requirements:
    • Identification of processes and information assets and conducting their risk assessments methodologically
    • Protection of information from unauthorized access
    • Ensuring the confidentiality of information
    • Maintaining the integrity of information
    • Ensuring access to information whenever required by business processes
    • Fulfilling legal obligations and contractual legal responsibilities
    • Developing and improving business continuity plans
    • Providing Information Security training to all employees
    • Ensuring that all Information Security violations or suspected violations are reported to and reviewed by the Information Security Management Board
  • Procedures and related instructions are defined to support this policy.
  • Information Security is ensured considering business needs.
  • The Information Security Management Board ensures the development, documentation, and continuous improvement of this policy and all related documents as part of the Information Management System.
  • All management staff are responsible for ensuring compliance with this policy and related procedures within their units.
  • Compliance with the Information Security Policy is mandatory for all employees.