ATU Duty Free

Information Security Policy



In order to realize the goals and policies of the institution in the ISMS process, the Senior Management of ATU Tourism Management Inc. undertakes to establish and operate the process so that all the requirements in ISO/IEC 27001 are fulfilled, to comply with the published and implemented Information Security Management System, to allocate the necessary resources and infrastructure investments for the efficient operation of the system, to improve the efficiency of the process continuously, and to ensure that it is understood by all employees.

ATU Tourism Management Inc. has legal and commercial responsibilities for the adequate protection of its data and systems and for managing any security risks associated with the operation of information technologies. ATU Tourism Management Inc. aims to implement an Information Security Management System in accordance with the ISO/IEC 27001 Standard, in order to guarantee the confidentiality, integrity and accessibility of information and communication systems, to manage security risks, and to protect operational and financial data.

In accordance with ISO/IEC 27001 ISMS requirements, and through the processes that we carry out with a risk-based thinking approach and constantly improve, we undertake and ensure that the products and services we provide meet the needs and expectations of our customers, and that the information of our employees, customers, suppliers and business partners is properly protected.

The purpose of this Information Security Policy, approved by the Senior Management of ATU Tourism Management Inc., is:

  • To protect the information assets of the organization against all kinds of threats, intentional or unintentional, from internal or external sources,
  • To protect against access by unauthorized persons who try to disrupt the confidentiality and integrity of information,
  • To ensure accessibility to information through business processes as necessary,
  • To meet the legal requirements,
  • To prepare, maintain and test business continuity plans,
  • To provide awareness by giving information security trainings to all personnel,
  • To carry out risk analysis studies in order to ensure the effective management of the Information Security Management System,
  • To carry out studies such as risk evaluation, risk analysis and risk processing in order to manage information security risks, develop the necessary measures and prevent possible risks,
  • To ensure that all actual or suspected vulnerabilities in information security are reported and investigated,
  • To meet business requirements for information accessibility and information systems,
  • To make the processes included in the scope compatible with the Information Security Management System,
  • To periodically review the success of our information security management system in achieving the intended results, and to ensure that the necessary improvements are implemented in a timely manner.