Information Security Policy
INFORMATION SECURITY POLICY
1. PURPOSE
The purpose of this Policy is to define the purpose, objectives and principles of the Main Rent a car Information Security Management System.
2. SCOPE
The provisions of this policy are applied to Main Rent a car personnel and the company and its personnel that provide services with special contracts to the Company or provide external support.
3. POLICY
MÄ°AN regards corporate information as an extremely valuable asset. Information; is critical to the sustainability of our business operations and must be appropriately protected. MAIN aims to minimize the risks that may arise regarding the Confidentiality, Integrity, Usability of corporate information and the effects of these risks by applying the Information Security Management System (ISMS) ISO 27001 standard.
MAIN has adopted the fulfillment of the following issues in particular:
Ensuring the confidentiality, integrity and availability of information and information systems,
To identify risks to information assets and to manage risks in a systematic way,
To fulfill the requirements of Information Security Standards,
To comply with the relevant legislation regarding Information Security,
Evaluating continuous improvement opportunities and carrying out studies in order to keep the Information Security Management System alive,
To provide trainings to develop technical and behavioral competencies in order to increase information security awareness,
Preparation and publication of other sub-procedures related to this policy by the Information Technologies and Information Security Unit.
MAIN's Information Security Policies are valid and mandatory for all MAIN personnel, regardless of geographic location or business unit, who use MAIN information or business systems, whether full-time, part-time, permanent or contracted. All persons, such as third party service providers and their affiliated support personnel, who do not fall into these classifications and need access to MAIN information, must adhere to the general principles of this policy and other security responsibilities and obligations that they must comply with.
3.1 RESPONSIBILITIES OF ALL EMPLOYEES
The purpose of Information Security and this policy is to protect, maintain and manage the confidentiality, integrity and availability of information and all support business systems, processes and applications. This means; Keeping the information of MAIN in authorized hands; Ensuring that the information is complete, accurate and usable is ensuring that the information and systems are ready for use when necessary. For this reason, all MAIN and outsourced personnel and interns, regardless of their positions or duties, are responsible for doing their jobs in a way that protects the information within MAIN.
In addition to ensuring that the information belonging to MAIN is complete, accurate and usable, all MAIN personnel must also comply with the principles of MAIN business ethics and the protection of confidential information specified in the Rules of MAIN Personnel Discipline Regulation.
MAIN; It undertakes to take the measures specified in the Personal Data Protection Law.
3.2 POLICY OWNERSHIP
The functional ownership of this policy and all standards and other supporting documents and training activities will be carried out by the Information Technologies and Information Security Unit, and this management will also be a source of advice and guidance regarding the implementation of the policy within the entire MAIN.
The Information Technologies and Information Security Unit will ensure that all employees receive appropriate training that will create the appropriate level of awareness on Information Security issues and will guide in the handling of information security incidents in general. It will ensure that this policy is supported by detailed standards, procedures and processes where necessary and are available as needed. He will also be responsible for ensuring that these policy requirements are communicated to all employees (permanent or periodic) and to all contractor personnel.
The Information Technologies and Information Security Manager is constantly responsible for ensuring that this policy is kept up-to-date, from the establishment of the general management framework regarding Information Security to its continuity, and that it continues to reflect the business requirements of MAIN and its subsidiaries, or the changes in the risk environment or threats faced by MAIN and its affiliates. will be responsible for the review.
Information Security policies are reviewed at least once a year in parallel with the asset and risk updates made in order to reflect the current risks faced by MAIN information assets. New risks and emerging risks