Main Navigation Section Navigation Main Content
Please enter minimum 3 characters

Information Security Policy

Ülker Bisküvi Sanayi A.S. (Company) Information Security Policy (Policy) has been created in order to ensure security of the information existence and processes used while we carry out our activities under the light of integrity, accessibility and security principles and also to take precautions necessary for protecting the Information Systems and relevant physical and environmental security. This policy has been approved by our Company's Board of Directors.

With the implementation of this policy, our company aims to fulfill the conditions required by the laws and regulations to which it is bound and to meet the conditions in generally accepted practices where appropriate.

Since Ülker Bisküvi Sanayi A.S. is a publicly held company, Information Security Policy of our Company is prepared and implemented in accordance with Information System Management Communiqué no. VII-128.9 of Capital Markets Board.

The Company's senior management supervises and the Board of Directors approves the preparation, updating and implementation of the Information Security Policy. The senior management responsible for this matter is determined by the Company's Board of Directors. Within the scope of the Information Security Policy, it is the responsibility of the Company's Board of Directors to ensure effective and adequate controls over information systems.

In order to protect our Information Assets, it is necessary to define and implement the processes related to the storage, transportation, transmission, modification, access, sharing, and recording of all processing activities and processes related to control.

ISO 27001- A structure suitable for the requirements of Information Security Management System, and our Company holds an ISO 27001 certificate within this area.

Internal audit activities are carried out to audit the implementation of the Information Security Management System, and audit results are shared with senior management. Necessary measures and sanctions are implemented in order not to repeat the security violations to be detected as a result of the audit.

Information Security standards are taken into consideration for the selection of suppliers, contractors and all other external sources and to control their performance. In Information Security practices of external sources, our Company acts in cooperation with them.

Information Security Policy is announced to all Company employees andstakeholders. All of our employees are obliged to act in accordance with the Information Security Policy, related procedures and principles, to receive the necessary awareness training, and in case of a situation contrary to Information Security, to communicate the matter to the Information Security Manager.