Information Security Management System

"The main purpose of the TS EN ISO 27001:2013 Information Security Management System at Aluform Pekintaş is to demonstrate that information security management is ensured across human resources, infrastructure, software, hardware, customer information, company data, third-party information, and financial resources; to safeguard risk management; to measure the performance of information security management processes; and to regulate relationships with third parties on information security matters."

To protect all physical and electronic information assets in accordance with the principles of confidentiality, integrity, and availability, in order to maintain the organization’s legal and regulatory compliance.

To ensure that our information and information security objectives are aligned with the strategies we have defined to achieve our organizational goals.

To identify, assess, and treat information security risks within the risk management framework, thereby mitigating potential threats; and to ensure secure access to the information of our personnel, suppliers, and customers, preventing possible information security breaches.

To achieve the objectives identified through risk assessment by providing sufficient equipment and infrastructure and by employing competent personnel, thereby ensuring the necessary resources and support.

To ensure the implementation and monitoring of the Information Security Policy, and to have management support the enforcement of necessary actions in the event of security breaches.

To ensure the confidentiality of organizational information during electronic and personal communications and when exchanging information with third parties, and to prevent internal information from being shared with unauthorized third parties.

To comply with obligations arising from legal regulations, security clauses in contracts, and business requirements.

To ensure that organizational employees and designated external parties comply with the ISMS policies, procedures, and instructions, and to enforce disciplinary actions in case of non-compliance.

To implement applicable information security requirements, address the opportunities and obligations they entail, and continuously improve these requirements.

To ensure that business continuity and emergency plans, data backup procedures, protection against viruses and hackers, access control systems, and information security breach reporting form the foundation of the ISMS.

To review this policy annually, and in the event of significant changes in regulations or information security practices, to ensure the adequacy, accuracy, and effectiveness of the Information Security Policy by making necessary updates approved by management.