Information is among our company’s main assets. In reaching success, our designs, processes, methods, network data, and information related to customers, business partners and employees are of huge importance. Preserving and ensuring the security of all this information is vitally important for our business, and an integral part of Kazancı Holding’s ongoing operations.
Information security means protecting the organization’s data assets from loss and damage, or from getting into the hands of unauthorized, ill-natured individuals.
Let us not forget!
Information security is the responsibility of all Kazancı Holding employees. Each employee is responsible for protecting the information that they have created, accessed or processed, and performing such duties within the scope of business activities with a conscientious attitude.
Information and communication technologies evolve day by day, rendering easier the access to and use of information. The automation of business processes and the increased use of technology in the field have provided additional benefits, but also created risks arising from the network systems. Ensuring the security of the information we possess is among the foremost priorities of our company. Furthermore, as per EMRA’s regulation amendment dated December 26, 2014, companies active in the energy sector (i.e. natural gas, energy generation and electricity distribution companies) are obliged to obtain ISO 27001 Information Security Management System certification for their corporate IT systems and industrial control systems.
Our company’s goals include:
• Installing an IT security management system for corporate IT systems and operational technology components,
• Clearly defining management and employee responsibilities related to IT security, and integrating these within the overall corporate culture,
• Reducing the visible or invisible IT security weaknesses, violations and incidents by implementing various policies and controls,
• Creating an IT performance management system that can be monitored with performance targets and benchmarks,
• Managing the corporate IT system and industrial control systems in line with the TS ISO/IEC 27001 Information Security System standard, proving to a Turkish Accreditation Institute-approved certification firm that the company operates in accordance with the TS ISO/IEC 27001 standard, receiving certification for these systems, and continuing the validity of the said certificate.
The TS ISO/IEC 27001:2005 Information Security Management System Standard, translated into Turkish and published by the Turkish Standards Institute (TSE), analyzes Information Security under three headings:
• Confidentiality: Ensuring that only authorized individuals can access information, and preventing any leaks
• Integrity: Avoiding the falsification of the data that we use, process, store or transfer for either malignant purposes or by mistake
• Availability: Ensuring that the information is available whenever needed