Information Security Policy aims to identify essential requirements in order to provide accessibility, privacy and integrity of Hamurlabs information systems and information assets.
Information Security Policy is prepared taking into account the VII-128.9 Information Systems Management Communiqué (Communiqué) enacted by the Capital Markets Board of Turkey for public companies and the Law on the Protection of Personal Data on the subject.
Hamurlabs has especially adopted the following issues:
Hamurlabs provides the establishment and oversight of the controls required to operate and maintain the Information Security Management System processes through sub-policies, procedures and instructions related to this policy.
Information Security Policies, whether full-time, part-time, permanent or contractual, are valid and mandatory for all employees using all information or business systems, regardless of geographic location or business unit. It is obliged that all persons, such as third-party service providers and their affiliated support personnel, who do not fall within these classifications and need access to Hamurlabs information, adhere to the general principles of this policy and other security responsibilities and obligations to which they must comply.
To establish an effective information security management structure, the Board of Directors approves the Information Security Policy in which the information security strategy and roadmap are determined and require its implementation. Top Management, consisting of Strategy & Digital Assistant General Manager, Assistant General Manager for Finance & Financial Affairs, Legal and Compliance Director, has been authorized by the Board of Directors to approve all standards, procedures and instructions that must be prepared within the scope of the policy. Senior Management performs the necessary resources and authority / responsibility allocations for the establishment and operation of the Information Security Management System. The Senior Management participates in the Information Security Committee as representative of the Board of Directors, which periodically reviews the information security system.
All employees are obliged to comply with all policies and procedures published under Information Security Management System category, report any security breaches and violations, perform all The main aim of Information Security and this policy is to protect, maintain and manage the confidentiality, integrity and availability of information and all support business systems, processes and applications which means the information remains in competent responsibles ensuring that information is complete, accurate and available and information is available to systems when needed. Therefore, all Hamurlabs employees, interns, outsourced employees, dealers, suppliers are required to adhere to Hamurlabs information security rules. In this context, asset and process owners are required
Hamurlabs employees are obliged to comply with Hamurlabs Global Code of Conduct and also employees must protect confidential information specified in Hamurlabs Personnel Regulation. Hamurlabs commits to take precautions specified in Personal Data Protection Regulation and comply with Koç Holding Personal Data Protection Regulation.
Arrangements regarding information security that third parties providing goods and services to Hamurlabs and their employees must comply with are determined through the relevant contracts and security protocols. These include a minimum of the following:
The functional ownership of this policy and all standards and other supporting documents and training activities will be carried out by IT Security Management and this management will also be a source of advice and guidance regarding the implementation of the policy throughout Hamurlabs.
IT Security Management will ensure that all employees receive appropriate training to ensure the appropriate level of awareness about Information Security issues and will generally guide the handling of information security incidents. This will ensure that this policy is supported by detailed standards, procedures and processes when necessary, and when they are ready to use as needed. It will also be responsible for ensuring that these policy requirements are passed on to all employees (permanent or periodic) and to all contractor staff. In addition, IT Security Management is also responsible for ensuring that policy requirements are received by all employees, including permanent or periodic and to all contractors.
Top Management will ensure that establishment of a general management framework related to Information Security and this Information Security Policy, ensuring its continuity and up-to-dateness. Top Management will be responsible for the ongoing review of Hamurlabs and its subsidiaries to ensure that they continue to reflect business requirements or information and changes in the risk environment or threats facing information systems.
Information Security policies are reviewed at least once a year in parallel with the asset and risk updates made to reflect the current risks faced by information assets of Hamurlabs. Information Security Policies are updated with necessary informations to control new risks and changes in risks. Besides, any Hamurlabs employee may request IT Security Management to change policies for improving them and reflecting the control needs of Hamurlabs. All requests are evaluated by IT Security Management.
Information Security Policy principles should be applied in line with Hamurlabs Human Resources Employee Regulations. Employees are also responsible for being aware of and complying with these Information Security Policy principles.
Each unit manager is primarily responsible for taking the necessary precautions and monitoring the system to ensure compliance with the Information Security Policy.
IT Security Management is responsible for audits carried out periodically and reporting to relevant parties regarding compliance with all published policies and procedures, especially Information Security Policy.
Information Security Policy violations may cause Hamurlabs to be harmed as a result of not applying the necessary controls against the risks, and also to result in criminal liability under the new Turkish Penal Code and the liability for damages. Furthermore, these violations are also meant to violate Hamurlabs Employee Regulation and may result in disciplinary action.
Information Security Policy violations detected as a result of both surveillance, inspection and notice may result in the implementation of internal disciplinary penalties, termination of employment, and even the initiation of Judicial and Criminal legal procedures.
Working together on the implementation of this policy will help to maintain our knowledge and reputation continuously and to ensure the continuity of our business success.
For the purpose of continuing Hamurlabs's reputation, reliability, information assets, and basic and supportive business activities with the least possible business interruptions; Hamurlabs Information Security aims to;
All employees are responsible for contributing objectives listed in this policy.
