Information Security Policy

Duyar Vana Mak. San. A.Ş. collects, classifies, shares and secures information for its own internal processes and for all related parties with whom it is in contact in order to ensure that the leaders at all levels of the company make effective and timely decisions.

Being aware of the importance of information for the accurate, timely and complete performance of the business and ensuring business continuity, the Company has determined its processes from the production, processing and controlled disposal of information.

• To determine the necessary measures by making risk analyzes to keep information assets under control and to keep risks under control,
• To make timely updates by following the currency of the systems used, to follow technological developments, to renew the systems and hardware used in parallel with technological developments, to protect information resources against all kinds of threats and to allocate resources,
• To ensure the training of all employees using information assets and, where necessary, other relevant parties, and to increase the awareness of employees on information security and continuity through training and studies,
• To continuously improve the effectiveness of the Information Security Management System,
• To follow the regulations related to national and international laws and regulations, to reflect them to its own systems and to make its practices in compliance with the laws,
• Ensuring confidentiality by preventing uncontrolled access to information,

Information Security Management System in accordance with ISO 27001:2013 standard and ensure its continuity and effectiveness. Responsibilities including security reporting have been determined.

Lower level practices are determined by procedures and instructions, and the controls applied are explained in the "Implementation Statement Document".

Ömer DUYAR

Chairman of the Board of Directors

16 November 2015