While Map performs the integration and transmission of the information of its valuable business partners within the scope of the services it provides, it follows a very sensitive security policy regarding the data it processes. This page has been published to inform our employees, suppliers and customers.
Information Security Policy
1. Purpose of Information Security
MAP Elektronik Ticaret A.Ş considers corporate information as an extremely valuable asset. Information is critical for the sustainability of our business operations and must be properly protected. MAP aims to minimize the risks that may arise regarding the “Confidentiality, Integrity, Usability” elements of corporate information and the effects of these risks, based on the Information Security Management System (ISMS) ISO 27001 standard.
This policy has been approved by the General Manager of MAP Elektronik A.Ş.
MAP Management has adopted the fulfillment of the following subjects in particular:
All MAP employees and those who use MAP Information Systems are required to comply with the MAP Information Security Policy, regardless of their duties and responsibilities. Apart from MAP employees, service providers’ employees who have to access MAP information due to the service they provide are also required to comply with this policy.
2. Responsibilities of All Employees
The purpose of Information Security and this policy is to protect, maintain and manage the confidentiality, integrity and usability of information and all information processing systems, processes and applications. This means; access to the information of both MAP and MAP customers in MAP information systems only by authorized persons; assurance of complete, accurate and usable information, and permanent accessibility to the information and systems. For this reason, all MAP employees, employees of other institutions serving MAP, interns, or anyone who has access to MAP systems, regardless of their duties, must act in accordance with Information Security principles.
All MAP employees must comply with the MAP Code of Business Ethics and the protection of confidential information specified in the MAP Personnel Regulations, as well as ensuring that MAP’s information is complete, accurate and available.
MAP assures to take the measures specified in the Personal Data Protection Law and to work in full compliance with the Personal Data Protection Policy.
3. Policy Ownership and Information Security Guidance
Functional ownership of this policy and all standards and other supporting documents and training activities will be carried out by the System and Information Security Management, and this management will also be a source of advice and guidance regarding the implementation of the policy within the entire MAP.
The System and Information Security Management will ensure that all employees receive appropriate training on Information Security issues and will guide the handling of information security incidents in general. When necessary, it will ensure that this policy is supported by detailed standards , procedures and processes and that they are ready for use as the need arises. It will also be responsible for ensuring that these policy requirements are transferred to all employees (MAP employees, interns, seasonal employees) and service provider institutions’ employees.
The Information and Communication Technologies Director will be responsible for the establishment of the general management framework regarding Information Security, ensuring its continuity, monitoring the changes in the risks faced by the information systems and constantly reviewing this policy to keep it up-to-date.
Information Security policies are reviewed at least once a year in parallel with the asset and risk updates, to reflect the current risks faced by MAP information assets. Information Security policies are updated according to new risks and changes in risks.
The Information Security Policy should be implemented in parallel with the MAP Personnel Regulation. Employees are responsible for being aware of the Information Security Policy and complying with these principles.
4. Inspection and Responsibilities
Each unit manager is primarily responsible for taking the necessary measures and monitoring the system to ensure compliance with the Information Security Policy.
The System and Information Security Management is responsible for periodically auditing the compliance with the standards, especially the Information Security Main Policy, and all the published policies and procedures and reporting to the relevant parties.
Violations of the Information Security Policy may cause the MAP to suffer as a result of not implementing the necessary controls against risks, and also to incur criminal liability according to the new Turkish Penal Code and to be liable for compensation for financial damages. Therefore, the violation at issue is also a violation of the MAP Personnel Regulations and may result in disciplinary actions. Violations of the Information Security Policy detected as a result of both surveillance, audit and notice may result in internal disciplinary penalties that may lead to the termination of the employment contract or even the initiation of judicial and criminal legal action.
Working together on the implementation of this policy will help maintain our knowledge and reputation at all times and ensure the continuity of the success of our business.
5. Goals
MAP Information Security adopts the protection of information assets of itself and its customers as the most important task. In line with this principle, in order to ensure that basic and supportive business activities continue with the least possible interruption, it aims to:
Each MAP employee is responsible for contributing to these goals.