INFORMATION SECURITY MANAGEMENT SYSTEM POLICY


  • Information classification guide is established;
    To determine risk acceptance criteria and risks, develop and apply controls.
  • To ensure implementation of information security risk assessment process for determination of risks on confidentiality, integrity and accessibility of information within the scope of information security management system, determine risk bearers.
  • To define a framework for assessment of impacts of confidentiality, integrity, accessibility of information within the scope of information security management system.
  • To monitor risks consistently by reviewing technological expectations within the context of the scope for which service is provided.
  • To meet requirements of information security arising from national or sectoral regulations, fulfilling the requirements of legal and related regulations, meeting obligations resulting from agreements and corporate responsibilities for internal and external stakeholders.
  • To cease the impact of information security threats for service sustainability and contribute to sustainability
  • To have the competency to intervene actions on information security quickly and minimize the impact of the action
  • To protect and improve the level of information security with a cost-efficient control infrastructure.
  • To develop the corporate reputation and protect it from negative impacts based on information security.

To raise corporate awareness about information with sensitivity at different levels in terms of confidentiality within the scope of information security of Sora Cosmetics, determine and apply logical, physical and administrative controls provided for information with different sensitivity levels; and define storing and discharge rules for data in mobile environments.

Top Management of Sora Cosmetics undertakes to perform, review and improve constantly the activities related to Information Security.