WhatsApp
Corporate
Products
Media
Career at Ender

Information Security Management System

Our Policies


Information Security Policy

Purpose

The purpose of the Information Security Policy is to ensure the business continuity of Ender Pvc Yapı Elemanları San. ve Tic. A.Ş. and to reduce the impact of potential threats by preventing information security incidents or minimizing the risk of damage.

In this context, an Information Security Management System is established with the aim of complying with the ISO 27001:2013 standard.

Scope

This policy covers the information assets of Ender Pvc Yapı Elemanları San. ve Tic. A.Ş. It is applied by all employees, suppliers, and contractors both within and outside of the locations.

Responsibility

The Information Security Management Board is responsible for ensuring the protection of the confidentiality, integrity, and availability of the company’s information assets within the scope, and for keeping the risks related to the processes at an acceptable level approved by the senior management. They are also responsible for establishing and maintaining the Information Security Management System in accordance with the ISO 27001:2013 standard. This responsibility also includes ensuring that the system meets the requirements of the Personal Data Protection Law (KVKK).

Policy

  • The goal of the policy is to protect the company’s information assets, including its own data and data provided by stakeholders, from both intentional and unintentional internal and external threats.
  • The Coordinator of Ender Pvc Yapı Elemanları San. ve Tic. A.Ş. has approved this policy.
  • The Information Security Policy ensures the following requirements:
    • Identification of processes and information assets and conducting risk assessments in a methodological manner
    • Protection of information from unauthorized access
    • Ensuring the confidentiality of information
    • Ensuring the integrity of information
    • Ensuring access to information whenever required by business processes
    • Fulfilling legal obligations and contractual responsibilities
    • Developing and improving business continuity plans
    • Providing Information Security training to all employees
    • Ensuring that all Information Security incidents or suspected incidents are reported to and investigated by the Information Security Management Board
  • Procedures and related instructions have been defined to support this policy.
  • Information Security is provided with business needs in mind.
  • The Information Security Management Board ensures the development, documentation, and continuous improvement of this policy and all related documents for the Information Security Management System.
  • All management staff are responsible for ensuring that the units they manage comply with this policy and the related procedures.
  • Compliance with the Information Security Policy is mandatory for all employees.