Çelikler Holding, within the scope of Information Technologies at the Afşin / Elbistan, Seyitömer, Tunçbilek, and Orhaneli Thermal Power Plants, aims to ensure compliance with all legal requirements and contractual terms in accordance with the conditions of the TS ISO/IEC 27001 Information Security Management System standard. This includes securing risk management, measuring the performance of information security management processes, maintaining uninterrupted all supporting activities necessary for electricity generation, primarily focusing on energy production, and organizing information security requirements arising from corporate responsibilities for both internal and external stakeholders.
To protect Information Technology information assets against all kinds of threats that may occur intentionally or unintentionally, from both internal and external sources, ensure the accessibility of information in accordance with business processes, meet legal regulatory requirements, and carry out continuous improvement efforts.
Ensure the continuity of the three fundamental components of the Information Security Management System (ISMS) in all activities in an effective, accurate, fast, and secure manner: Confidentiality: Preventing unauthorized access to sensitive information. Integrity: Demonstrating that the accuracy and integrity of information are maintained. Availability: Ensuring that authorized individuals have access to information when needed.
To ensure the security of all data, not only those stored electronically, but also written, printed, oral, and other forms of data.
To raise awareness by providing Information Security Management training to all personnel.
Report all actual or suspicious vulnerabilities in Information Security to the ISMS Team and ensure they are investigated by the team.
Develop, maintain, and test business continuity plans.
Conduct periodic assessments in the field of Information Security to identify existing risks; review action plans based on the results of the assessments and monitor their implementation.
Prevent any disputes and conflicts of interest arising from confidentiality agreements.
To meet the business requirements for information accessibility and information systems.