Information Security Policy

The ISMS (Information Security Management Systems) at Tosyalı Holding has defined, specified, assessed, and seized control of information risks.

The implemented risk-management framework has taken risk under control and constantly improves risk with risk evaluation and risk assessment.

Information security practices have been determined to support meeting the corporate goals of our company.

ISMS goals create the mechanisms necessary to minimize the risks regarding information to acceptable levels.

It is a framework that specifies methods to determine the frequency of threats against information assets, values, security needs, vulnerabilities, and assets.

The ISMS established and maintained at our company fulfills the requirements of the law and relevant legislation, complies with subjected national and sectoral regulations, meets obligations emerging from agreements, and provides the information security requirements originating from corporate responsibilities aimed at internal and externa stakeholders.

The scope of the Information Security Management System provides for information asset confidentiality, integrity, and accessibility and protects the continuity of critical business processes.

The effective management of information security minimizes the damages that may occur regarding information security, and applications constantly improve the Information Security Management System.

Our company quickly intervenes in information security incidents and has the competence to minimize their effects.

It protects and improves over time the level of information security with a cost-effective control infrastructure.