Information Security Policy
At Palida Mühendislik A.Ş., we recognize the critical importance of safeguarding the confidentiality, integrity, and availability of information assets to ensure the continuity of our business, maintain client trust, and comply with applicable laws and regulations. This Information Security Policy establishes the framework for managing information security within our organization in alignment with the requirements of ISO 27001.
Scope
This policy applies to all employees, contractors, and third-party service providers who access or handle Palida’s information assets. It encompasses all data, systems, devices, and processes used within Palida Mühendislik A.Ş., including physical, digital, and cloud-based resources.
Objectives
- Protect Confidentiality: Ensure that sensitive information is accessible only to authorized individuals.
- Maintain Integrity: Safeguard the accuracy and completeness of information and processing methods.
- Ensure Availability: Guarantee that information and systems are accessible when required by authorized users.
- Comply with Regulations: Adhere to applicable legal, contractual, and regulatory requirements.
- Promote Awareness: Foster a culture of information security through training and awareness programs.
Policy Statements
- Leadership Commitment: Senior management is committed to supporting the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS).
- Risk Management: Information security risks will be identified, assessed, and mitigated through a systematic risk management process.
- Access Control: Access to information assets will be granted based on the principle of least privilege and strictly monitored.
- Incident Management: All security incidents, breaches, and weaknesses must be reported and handled promptly according to the incident response procedure.
- Compliance: Palida will comply with all applicable laws, contractual obligations, and industry standards concerning information security.
- Asset Management: An inventory of all information assets will be maintained and classified based on sensitivity and value.
- Employee Responsibility: All employees are responsible for adhering to this policy and supporting the organization’s information security efforts.
- Third-Party Security: Security requirements will be communicated to and enforced with third-party vendors, suppliers, and partners who access Palida’s information systems.
- Physical Security: Measures will be implemented to protect physical locations, equipment, and documents against unauthorized access, theft, and damage.
- Business Continuity: Information security controls will be integrated into business continuity and disaster recovery plans to minimize the impact of potential disruptions.
- Monitoring and Improvement: Security controls and processes will be continuously monitored, reviewed, and improved to address evolving threats and vulnerabilities.
- ISMS Representative: An Information Security Management System (ISMS) Representative will be appointed to oversee the implementation and operation of the ISMS. In the event of their departure, a new representative must be assigned promptly to ensure continuity.
Enforcement
Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract. Legal action may be taken if a breach results in significant harm to the organization or its clients.
Review
This Information Security Policy will be reviewed annually or whenever significant changes occur in the organization, legal requirements, or threat landscape.
Approved by:
Ali Polat
CEO, Palida Mühendislik A.Ş.
Date: December 24, 2024