Information Security Policy

Information Security Policy

• Information risks were defined, identified, evaluated and controlled by the ISMS installed at Tosyalı Demir Çelik. 
• As a result of the risk management framework, risks are taken under control and continuously improved through risk assessment. 
• Information security practices are designed to support the achievement of our company's corporate objectives. 
• The objectives of ISMS have established mechanisms to reduce information-related risks to acceptable levels. 
• This a framework for determining methods to identify information assets, values, security needs, vulnerabilities, and the frequency of threats to assets.  
• The ISMS established and maintained in our company allows for the compliance with national and industrial regulations and the fulfillment of legal and related legislation requirements, obligations arising from agreements, and information security requirements arising from corporate responsibilities for internal and external stakeholders.
• With the Information Security Management System, the confidentiality, integrity and accessibility of information assets are ensured and the continuity of critical business processes is maintained. 
• Information security is managed effectively and the damages that may arise from information security are minimized and the Information Security Management System is continuously improved. 
• Our company rapidly intervenes with information security events and has the competence to minimize the impact of the event. 
• With a cost-effective control infrastructure, the level of information security is maintained and improved over time. 

Dr. Suhat KORKMAZ

CEO