INFORMATION SECURITY POLICY
Modanisa Elektronik Mağazacılık ve Tic. A.Ş. (Modanisa) accepts corporate and personal information that belongs to it and its stakeholders as critical assets. All Modanisa employees and stakeholders constantly and effectively protect the information systems and physical working spaces that contain corporate information from threats.
The purpose of information security is to ensure the use of any kind of information belonging to Modanisa and/or its stakeholders only by authorised persons, being stored fully and accurately, and being ready to use when necessary. In addition, due to the nature of the activities of Modanisa, it is aimed to avoid financial and moral damages arising from security weakness and the potential effects of them.
Irrespective of their positions and responsibilities, all Modanisa personnel and the third parties that have access to the information systems and information of Modanisa are obliged to abide by the information security policies and procedures determined by Modanisa.
Modanisa expects from all of its employees and stakeholders to exercise due diligence regarding the following issues:
· Fully complying with the requirements of the Information Security Management System that is established and operated in Modanisa,
· Ensuring the secrecy, integrity, continuously usability and control of the information and information systems belonging to Modanisa,
· Restraining the risks that may arise from Modanisa's own information assets being lost, disrupted or misused,
· Informing the Information Security Incident Manager about any kinds of information weaknesses and incidents that are considered to be related with Modanisa.
The Department of Information Technologies undertakes the proper use of the policies and procedures defining the information systems activities, as their functional owner. The department managers are responsible in first degree from taking the required measures and supervising the required activities in their respective departments for ensuring the compliance with corporate information security policies and procedures.
The violation of corporate information security policies and procedures are at the same time the violation of ethic codes and may bear disciplinary sanction. The information security violations determined as the result of observation, inspection or denunciation may result in disciplinary sanctions up to termination of employment.
Modanisa undertakes to fulfil the applicable conditions related to corporate information security and to constantly improve the Information Security Management System that it maintains.
"Processing the Information Security Management System in accordance with the standard ISO/IEC 27001 will support ensuring the preservation of our reputation and the maintenance of continuity of our enterprise's success. I would like to express my sincere thanks to all Modanisa family members for their constant support and conformity to corporate information security."