Information Security

Information Security Management System Policy

Our Information Security Management System ensures that all of our activities are carried out in accordance with ISO 27001: 2013.

Gizil Enerji is able to provide secure access to information assets, to maintain the availability, integrity and confidentiality of information, to evaluate and manage the risks that may arise on the information assets of itself and its stakeholders, to maintain the reliability and brand image of the institution, to implement the sanctions deemed necessary in case of breach of information security, to fulfill the legal and relevant legislation requirements, to meet the obligations arising from the agreements, to provide information security requirements arising from the corporate responsibilities towards internal and external stakeholders, to reduce the impact of information security threats to the continuity of business / service and to ensure the continuity and sustainability of the business, the established control infrastructure to maintain and improve the level of information security.

In order to achieve this policy, all Gizil Enerji employees and the specific external parties defined in the Information Security Management System are expected to comply with this policy and the Information Security Management System that applies this policy. All staff will receive appropriate training. Information Security Management System is subject to continuous and systematic evaluation and development. In order to support the framework of the Information Security Management System and to periodically review the security policy, Gizil Enerji has established an information security committee, which is managed by senior management and includes information security manager and other managers.

This policy aims to guide all activities related to information security in Gizil Enerji and to provide information security processes and controls with the support of sub-documents.


Rev 00, 12.01.2019