-
The organization values information as a critical asset and is committed to its protection.
-
Information security is recognized as an integral part of all business processes and activities.
-
Roles and responsibilities related to information security are clearly defined, and the necessary resources are allocated to fulfill them.
-
All employees and third parties are required to comply with the organization’s Information Security Policy and related procedures.
-
Appropriate measures are implemented to prevent unauthorized access to information and to ensure timely response to security incidents.
-
Information security objectives are established in alignment with strategic business goals, with appropriate resources assigned to achieve them.
-
The organization is committed to complying with all applicable legal, contractual, and regulatory requirements related to information security.
-
Information security incidents are continuously monitored, and all breaches are promptly reported and investigated.
-
Business continuity of essential and supporting activities is ensured with minimal interruption.
-
Information security risks are managed effectively to safeguard the confidentiality, integrity, and availability of information assets.
-
The organization supports the continual improvement, measurement, and enhancement of the Information Security Management System (ISMS).