Our Information Security Management System Policy

Our Information Security Management System Policy

While providing our services in the International Road Transportation sector, we commit to:

• -Fulfilling the requirements of the ISO 27001:2013 Information Security Management System,

• -Maintaining its effectiveness,

• -Continuously improving it,

• -Complying with legal requirements,

• -Meeting information security requirements by taking into account both current and potential risks, as well as customer requirements.

FOR GENERAL USE

• -All PCs and laptops are set to switch to a password-protected screensaver automatically within 5 minutes.

• -Laptops must be protected more carefully against security vulnerabilities. Operating system passwords must be enabled.

• -In Karakuş, users must always log in to the Active Directory within the domain structure. Computers not connected to the domain must be removed from the local network, and no data exchange should occur between such devices and the local network.

• -In case of theft or loss of laptops, the Information Security Committee (ISC) Chair must be notified as soon as the situation is noticed.

• -All users are responsible for the security of their own computer systems. The owner of the system is accountable for any attacks originating from these computers against Karakuş or individuals (e.g., electronic banking, etc.).

• -Karakuş computers must not be used to engage in harassment or unlawful activities.

• -Users must not attempt to compromise or disrupt network security (e.g., unauthorized access to servers) or network communications (packet sniffing, packet spoofing, denial of service, etc.).

• -Port or network scanning must not be performed. No activities threatening network security should be carried out.

• -Karakuş information must not be shared with third parties outside the organization.

• -Devices, software, or any data must not be taken outside Karakuş without authorization.

• -Except for software officially used by Karakuş, it is prohibited to install or use programs from unknown sources (e.g., magazine CDs, internet downloads, etc.).

• -Unauthorized personnel are strictly prohibited from accessing or obtaining confidential and sensitive information within Karakuş.

• -The confidentiality and privacy of corporate and personal data must be given special importance. These data cannot be provided to third parties or organizations in electronic or paper form, except as required by relevant legal regulations concerning Karakuş.

• -Personnel are responsible for backing up corporate information on their assigned desktop and laptop computers used for Karakuş operations.

• -Games or entertainment software must not be run or copied on computers.

• -File exchanges on computers must be limited to official documents, programs, and training materials.

• -Without the knowledge of the Management Representative, existing configurations on computers regarding network settings, user definitions, resource profiles, etc. must not be altered under any circumstances.

• -No unlicensed software may be installed on computers.

We have determined this as our Information Security Policy and present it to all relevant parties.

General Manager
Bahaddin Karakuş