Purpose
The aim is to establish an information security policy in line with the strategic direction of TRENDYFLIGHT/PARSPRO TURİZM TİCARET ANONİM ŞİRKETİ and to define the basic information security principles.
Scope
The scope of the Information Security Policy is the organization and information values defined in the Scope and Boundaries document.
Responsibilities
Senior Management
Senior Management is responsible for ensuring that the Information Security Policy meets the needs of the organization, providing the necessary support and supervision for its implementation, and reviewing the policy at least once a year or in cases that may require changes in the corporate policy. The ISMS Representative performs this task on behalf of the senior management and the General Manager certifies it.
ISMS Representative
The authority / person who assumes responsibility to the senior management at every stage from the establishment of the Information Security Management System to its operation and management.
ISMS Team
The ISMS team assigned by TB’s Senior Management is responsible for ensuring that the Information Security Policy meets the needs of the organization, providing the necessary support and oversight for its implementation, and reviewing the policy at least once a year or in cases that may require changes to the corporate policy.
All Staff
All staff are responsible for fulfilling the requirements of the Information Security Policy as required by their areas of duty.
Definitions
- ISMS: Information Security Management System
- ISMS Team: The ISMS team is the organization that represents the management, assumes responsibility for the successful continuation of the ISMS and ensures its supervision.
- ISMS Internal Auditor: A person who is independent from the implementation and operation of the ISMS, has the experience, training and certifications to perform the ISMS audit, and performs the internal audit of the ISMS. The internal auditor may be a member of the organization's personnel or may be provided from outside the organization.
Management Support
- Senior management supports the ISMS in practice through the activities carried out under the ISMS Coordination team, ISMS Representative and ISMS Internal Auditor personnel appointments, ISMS investment, expense and training budgets, and management review activities.
- Senior management provides leadership to achieve ISMS objectives by complying with and encouraging compliance with ISMS policies and procedures.
- Senior management communicates the importance of managing information security risks to the organization’s reputation and continuity of operations by implementing managerial activities and through corporate policies.
- Senior management evaluates the risks at least once a year and reviews the Information Security Policy to ensure the continuity and sustainability of the system.
Information Security Policy
- To identify risk acceptance criteria and risks, develop and implement controls.
- To ensure the implementation of the information security risk assessment process to identify risks related to confidentiality, integrity and accessibility losses of information within the scope of the information security management system, to identify risk owners.
- To define a framework for assessing the confidentiality, integrity and accessibility impacts of information within the scope of the information security management system.
- To continuously monitor risks by reviewing technological expectations in the context of the scope served.
- To ensure the information security requirements arising from national or sectoral regulations to which it is subject, to fulfill the requirements of legal and relevant legislation, to meet its obligations arising from agreements, and corporate responsibilities towards internal and external stakeholders.
- To reduce the impact of information security threats on service continuity and to contribute to continuity.
- To have the competence to quickly intervene in information security incidents that may occur and minimize the impact of the incident.
- To maintain and improve the level of information security over time with a cost-effective control infrastructure.
- To enhance corporate reputation and protect it from negative impacts based on information security.
- To increase corporate awareness about information with different levels of sensitivity in terms of confidentiality within the scope of information security of TRENDYFLIGHT/PARSPRO TURİZM TİCARET ANONİM ŞİRKETİ; to determine and implement the logical, physical and administrative controls recommended to be applied for information with different levels of sensitivity; to define the rules of storage and destruction of data on portable media.
TRENDYFLIGHT/PARSPRO TURİZM TİCARET ANONİM ŞİRKETİ Senior Management is committed to the realization, review and continuous improvement of practices related to Information Security.