Information Security Policy (ISP)

INFORMATION SECURITY POLICY

Within the framework of the Information Security Management System, Kros Otomotiv aims to minimize the risks that will affect business continuity regarding the Confidentiality, Integrity and Availability of corporate information and the effects of these risks.

In order to sustain the information security management system, it is committed to fulfill the following objectives in particular:

  • To sustain and improve reliability by protecting the confidentiality, integrity and availability of corporate information, assets and information systems,
  • To ensure compliance with all legal regulations regarding Information Security and other requirements that we undertake to comply with; to ensure compliance with contracts with our customers, business partners, suppliers, non-governmental organizations, public institutions and organizations,
  • To identify and systematically manage risks to information assets and business processes, thereby ensuring that administrative, operational and supportive business activities continue with minimum interruption,
  • Being aware of the importance of the Information Security Management System, to evaluate continuous improvement opportunities and to carry out continuous improvement activities by determining policies and standards, documenting them and allocating the necessary resources,
  • To conduct trainings to improve technical and behavioral competencies in order to raise awareness on information security,
  • To ensure that security violations are managed and administrative and criminal sanctions are applied when necessary,
  • To protect the confidentiality of important data such as customer data, supply sources and employee information for our current activities within the scope of information security,
  • To ensure that personal and company-specific data are processed in accordance with the law and honesty rules, accurate and up-to-date, for specific, clear and legitimate purposes,
  • To ensure that personal and company-specific data are relevant, limited and measured for the purpose for which they are processed and to keep them for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

Kros Otomotiv, Information Security Policy is valid and mandatory for all full and part-time Kros Otomotiv personnel using corporate information or business systems, regardless of geographical location or business unit. All persons who do not fall into these classifications, such as third party service providers and their affiliated support staff who need access to Kros Otomotiv information, must adhere to the general principles and obligations of this policy.

You can click here to open our information security policy.