LOGO

INFORMATION

SECURITY POLICY

Purpose

The purpose of the Information Security Policy is to ensure the business continuity of Lutuf Mensucat A.Ş. and its associated group companies and to prevent information security incidents or minimize the risk of damage in order to reduce the impact of potential threats. In this context, it is aimed to comply with the necessary standard conditions and Laws.

Scope

This policy covers information assets within Lutuf Mensucat A.Ş.. It is applied by employees in all locations, in-location and out-of-location suppliers / contractors.

Responsibility

The IT department is responsible for keeping the risks to company information assets within the scope at an acceptable level approved by senior management.

Policy

  1. The goal of the policy is to protect the company's information assets against internal and external intentional or unintentional threats.
  2. The Chairman of the Board of Lutuf Mensucat A.Ş. has approved this policy.
  3. The Information Security Policy guarantees all the following requirements:
    • Identification of processes and information assets and methodological realization of risk assessments related to them
    • Protection of information from unauthorized access,
    • Ensuring the confidentiality of information,
    • Protection of the integrity of information,
    • Ensuring that information is accessible whenever business processes need it,
    • Fulfillment of legal obligations and legal obligations arising from contracts,
    • Development and improvement of business continuity plans,
    • Providing Information Security training to all employees,
    • Ensuring that all Information Security violations or suspected violations are reported to the IT department and examined.
  4. Procedures and related instructions are defined to support this policy.
  5. Information Security is provided by considering business needs.
  6. The IT department ensures the development, documentation, and continuous improvement of this policy and all related documents, the Information Management System.
  7. All management staff are responsible for ensuring that the units they manage comply with this policy and related procedures.
  8. Compliance with the Information Security Policy is mandatory for all employees.