Information Security Policy

Principles of Information Security Policy

SOSPITAS performs the control and monitoring of the information belonging to the enterprise within the flow determined according to the technological infrastructure, and ensures the confidentiality of the information and access authorizations.

Should any security incident occur, it shall immediately notify the parties and legal authorities concerned.

Information owners are ultimately responsible for the information they have.

Objectives of Information Security Policy

a) The purpose of the policy is to protect the information assets of the organization against any threat that may occur from inside or outside, intentionally or unintentionally.

b) The Chairman of the Board of Directors approved the information security policy.

c) The organization's policies are in place to:

The information must be protected against unauthorized access.

The confidentiality of information must be maintained.

The integrity of the information must be maintained.

Access to information is ensured through business processes as required.

Legal requirements must be met.

Business Continuity Plans should be prepared, maintained and tested.

Information security training should be provided to all personnel.

Any gaps that are actually or suspected in information security should be reported to the quality manager, who is also the information security manager, and investigated by the information security manager.

d) The Information Security Management Representative is directly responsible for maintaining and advising and guiding policy implementation.

e) It is the responsibility of every staff member to remain strictly committed to the policy.

f) Information that is not publicly disclosed shall not be disclosed in any way to third parties, except for those who need to know it.