The top management of the organization commits to implementing the defined and accepted rules and requirements of information security.
All employees and relevant parties within the organization are obligated to operate in compliance with information security requirements.
Top management is committed to preventing and minimizing the loss of confidentiality, integrity, and availability of corporate information.
Top management is also committed to the continuous improvement of information security.
Furthermore, top management undertakes to comply with applicable laws, regulations, contracts, and other legal requirements.
The implementation, operation, and continual improvement of the Information Security Management System (ISMS) are carried out with the contributions of relevant stakeholders. Updating ISMS documentation when necessary is the responsibility of the ISMS Manager. Under the scope of the Corporate Information Security Policy, the organization’s top management and the IT Department will apply the following standards:
Ensure legal compliance and protect the corporate image,
Secure access to information assets for both internal personnel and external parties,
Ensure business continuity and sustainability,
Enforce institution-wide confidentiality, integrity, and availability of all physical and electronic information assets to enable sanctions in case of information security breaches.
Information and information security requirements will align with the organization's corporate objectives.
The ISMS will serve as a mechanism to reduce information-related risks to acceptable levels and enable secure information sharing.
The organization’s existing strategic business plan and risk management framework will identify, define, assess, and control the relevant risks to establish and maintain the ISMS.
The risk assessment, Statement of Applicability, and risk treatment plan explain how information-related risks are controlled.
The IT Manager, Technical Services Manager, and Information Security Manager are responsible for managing and maintaining the risk treatment plan.
Additional risk assessments may be conducted, when necessary, to determine appropriate controls for specific risks. Business continuity and contingency plans, data backup procedures, protection from viruses and hackers, access control systems, and incident reporting mechanisms are essential to this policy. Control objectives for each of these areas are included in the ISMS Statement of Applicability and supported by specific, documented policies and procedures.
All organization personnel and specific external parties defined within the ISMS will receive appropriate training to ensure compliance with this policy and the ISMS it supports.
In line with the requirements defined in the Information Security Management System standard, top management has allocated the necessary resources for its proper design, continual improvement, and development through systematic assessment.
The organization is committed to maintaining the sustainability of its Information Security Management System certification.