ISO 27001 Information Security Management System Policy

KASTAMONU INTEGRATED WOOD INDUSTRY & TRADING CO. INFORMATION SECURITY MANAGEMENT SYSTEM

Our Policy is:

• To keep the individual and the data safe,

• To ascertain each employee's authorizations within the Information Security framework, to provide secure access to KEAS and its stakeholders' information assets, and to prevent unauthorized access,

• To protect the availability, integrity and confidentiality of information,

• To minimize the impact of threats on information security risks in business/service continuity, to maintain business continuity and sustainability,

• To protect the reliability and brand image of the company,

• To implement the investments deemed necessary in case of information security breach,

• To meet the information security requirements arising from the national, international and sectoral regulations to which it is subject, fulfilling the legal and relevant legislation requirements, meeting the obligations arising from the agreements, and corporate responsibilities towards internal and external stakeholders,

• To maintain and improve the level of information security with the established control infrastructure.

• To provide trainings to develop technical and behavioral competencies in order to increase information security awareness.

• To meet all responsibilities regarding the processing, protection and destruction of personal information of employees, students, visitors, suppliers and other relevant 3rd parties within the scope of the Personal Data Protection Law No. 6698 (K.V.K.K) and other relevant legislation,