INFORMATION SECURITY POLICY

The purpose of Erkurt Holding Information Security Policy is to ensure the continuity of all business processes, especially the production processes of Erkurt Holding and its group companies serving the Automotive and White Goods sectors, and the safety of their activities to prevent information security violation by mitigating the impact of potential threats regarding information and to minimise the damage risk.

Compliance with the Information Security Management system with the ISO/IEC 27001 standard covers all information assets of Erkurt Holding and group companies. The employees in all locations, internal and external suppliers and contractors are obliged to operate in accordance with the procedures based on this policy.

As the Board of Directors, we undertake to meet the needs and expectations of our customers and create a complete customer satisfaction and to maintain a compliance in order to ensure that the application of the legal and related parties for applicable conditions will be in a structure in which all processes are defined end-to-end and that is digitally traceable, based on the development and continuous improvement of the Information Security Management System.

Based on this aim, our priorities and targets for the purpose of protecting the information assets of Erkurt Holding and its group companies against internal and external, intentional or unintentional threats are:

  • Ensuring information integrity, accessibility and confidentiality by protecting the reliability and corporate reputation of the company,
  • Providing trainings to improve technical and behavioural competencies of all employees in order to raise awareness on information security,
  • Defining information assets and business processes and ensuring systematic management of risk assessments on this regard and enabling continuous improvement,
  • Complying with all legal legislation and agreement related to information security,
  • Ensuring compliance of agreements with customers, business partners, suppliers, non-governmental organisations, public institutions and organisations with the relevant legislation,
  • Ensuring that the basic and supportive business activities of the organisation continue with minimum interruption and implementing the contingency action plan in extraordinary situations,
  • Protecting corporate applications, information, communication network and equipment against losses, unauthorised use and abuse,
  • Ensuring that all users are fully aware and informed of the Information Security Policy and related supporting procedures and instructions,
  • Ensuring the information security by realising the actions for the detection, reporting and recording of the said violation in the event of a information safety violation.

Click for our policy document

Personal Data Protection Disclosure Statement

Personal Data Protection Application Form