Information Security Policy
As Vezirköprü Forest Products and Paper Inc. A.S employees, our principles for managing all kinds of risks to our business continuity and information assets are as follows:
- Reliability
To prevent access or accessibility of information by unauthorized persons, organizations or other operating systems
- Integrity
to maintain the integrity and accuracy of assets
- Accessibility
To provide accessibility and availability with authorized persons.
And In line with these principles, we undertake
To convey to users their information security obligations and to encourage their implementation by creating information security awareness among our employees,
To document the Information Security Management System in a way that fulfils the requirements of the ISO 27001 standard; to ensure continuous improvement of system suitability, accuracy and effectiveness; to define and evaluate security needs, risks, dangers and vulnerabilities related to information security processes, and to set up the necessary management system,
To put forth the working principles for the processing of risks, to develop and implement controls for security risks, to monitor the risks by constantly reviewing technological expectations and developments,
To comply with all national and international legal regulations and contracts with third parties related to our field of activity and Information Security,
In this context; our relations with our Dealers, with which we cooperate, and with our domestic and foreign customers are very valuable.
The continuity of the services we render, the confidentiality of the information we hold, and the integrity of our customers or information assets within our companies are of high importance.
To be aware of the risks on confidentiality and accessibility of all kinds of information assets belonging to our companies, customers, suppliers and business partners, and to evaluate and manage these risks,
All Company employees are obliged to act in accordance with the published policies and procedures and to fulfil the responsibilities defined for them in order to properly protect the information assets within the scope.
To raise the awareness of users and employees about information security in order to minimize Information Security risks, and to make them aware of their responsibilities,
To ensure the protection of personal information,
to prevent interruptions in processes, to reduce the impact of information security risks for business continuity, and to ensure business continuity.