IMER-L&T INFORMATION SECURITY POLICY
1. Purpose
At IMER-L&T, we are committed to protecting the confidentiality, integrity, and accessibility of information assets to ensure the reliability and sustainability of the services we provide to our customers.
This policy has been developed to ensure business continuity, minimize risks, comply with information security standards, and create a secure working environment.
2. Scope
This policy covers all of IMER-L&T’s information assets. The scope of the policy includes:
Digital and physical information assets within the company,
Employees, suppliers, business partners, and customers,
IT infrastructure, databases, networks, and cloud services,
Information stored in written, visual, electronic, and verbal formats.
3. Basic Principles
Confidentiality: Ensuring that information is accessible only to authorized individuals.
Integrity: Ensuring the accuracy of information and its protection from unauthorized changes.
Accessibility: Ensuring timely and uninterrupted access by authorized individuals to the information they need.
Risk Management: Taking systematic and proactive measures against information security threats.
4. Responsibilities
All Employees: Comply with information security rules and report suspicious situations and violations to the information security team.
Information Security Team: Take proactive measures against threats, conduct risk assessment processes, raise awareness, and prepare necessary reports.
Senior Management: Ensure the implementation of information security policies, allocate the necessary resources, and monitor the effectiveness of these policies.
Suppliers and Business Partners: Act in accordance with IMER-L&T’s information security policies and prevent unauthorized access to information.
5. Information Security Processes
Corporate Antivirus Use: Corporate antivirus software is installed on all company devices and updated regularly.
Data Leak Prevention (DLP): Advanced software is used to prevent sensitive information from being shared with unauthorized individuals.
File Access Authorization: Access to files is restricted through role-based authorization. Access is granted only to authorized individuals.
Data Backup: Critical information is regularly backed up and securely stored in different locations.
Cyber Security Measures: Systems are protected through measures such as firewalls, network monitoring systems, and penetration testing.
Training and Awareness: Employees are regularly trained on information security, and awareness campaigns are conducted.
6. Standards and Legal Framework to be Adhered to
IMER-L&T complies with international standards and local legal regulations. These include:
ISO 27001: Information Security Management System standard,
Law No. 6698 on the Protection of Personal Data (KVKK),
Law No. 5651: Law on the Regulation of Publications on the Internet and the Fight Against Crimes Committed Through These Publications.
7. Actions to Be Taken in Case of a Violation
The steps to be taken in the event of an information security breach are as follows:
1. Identify the breach and report it to the relevant units.
2. Activate an emergency response plan.
3. Isolate the affected systems or information.
4. Investigate the root cause of the breach and implement measures to prevent recurrence.
5. Notify the relevant legal authorities when necessary.
8. Review of the Policy
The Information Security Policy is reviewed and updated annually or in response to system changes, new threats, and legal requirements.
The review process is completed with management approval and feedback from relevant stakeholders.
This policy provides a roadmap for IMER-L&T to ensure business continuity and information security.