DEVA HOLDING INFORMATION SECURITY POLICY

Our aim is within the framework of Capital Market legislation, the company's articles of association and other relevant legislation (TS ISO/IEC 27001 Information Security Management System standard).;

To ensure the integrity, confidentiality (protection against unauthorized access), protection and usability of company and customer information, which is an important enterprise entity within the scope of information security management system, to ensure the implementation of risk assessment, to maintain business continuity in our organization and to maintain the accuracy, reliability of our system in our relations with all our business partners and customers.

Our targets;

  •  Ensure and maintain information security, accurate and complete content, confidentiality, integrity, sustainability and the accessibility of the relevant information to the relevant persons, and ensure information security in the business processes of the company.
  • Continuously monitor risks by reviewing technological expectations within the context of the scope of service,
  • To meet the national and sectoral legal and related legislation requirements, to meet the obligations arising from the agreements, to provide the information security requirements arising from the corporate responsibility for internal and external stakeholders.
  • To reduce the impact of information security threats related to continuity of Service and to contribute to continuity, to make improvement works.
  • To be able to respond quickly to information security incidents that may occur and to minimize the impact of the incident, and to review the validity and applications of the information security management system with internal audits to be carried out at regular intervals for this purpose
  • Maintain and improve the level of information security over time with a cost-effective control infrastructure,  Creating a conscious and competent human resource by providing information security training to all employees,
  • To ensure the systematic management of risks to information security, to analyze security risks related to confidentiality, integrity and accessibility losses, and to establish an effective information security risk management approach in order to mitigate or eliminate identified risks to an acceptable level,
  • To improve the reputation of the company, to avoid the negative effects based on information security.
  • To increase corporate awareness about information sensitive to different levels of confidentiality within the scope of information security of Deva Holding and its subsidiaries, to determine and apply the recommended logical, physical and administrative controls to be applied for information with different levels of sensitivity; to define the storage and destruction rules of data in portable media. Access to information according to the degree of confidentiality in line with authorization rules.
  • To support our Information Security Policy with sub-systems and procedures such as "Password Management", "Clean Table", "Clean Screen", "Authorization in IT Systems", "System Backup", "Internal and External Communication Security" and "Network Management".

As top Senior of Deva holding;

We undertake that we will establish mechanisms related to Information Systems Management and Security, ensure implementation of applications, monitoring, business continuity and continuously develop our information management system with the participation of all our employees.

 

Philipp Haas
Chairman of the Board of Directors and CEO
Mesut Çetin
Deputy Chairman of the BOD and CFO