Information Security Policy
Our comprehensive security policy to ensure the security of our information assets and protect against cyber threats.
1. Our Approach to Information Security
As Formex, we consider information security to be one of our fundamental pillars and act according to the following principles:
Gizlilik (Confidentiality)
We ensure that information is only accessible to authorized individuals.
Bütünlük (Integrity)
We ensure the accuracy and integrity of information.
Erişilebilirlik (Availability)
We ensure that information is accessible when needed.
Authentication
We identify and authorize users correctly.
2. Classification of Information Assets
We classify our information assets according to their criticality levels and apply appropriate security measures for each level:
Critical
Customer personal data, financial information, trade secrets
High
Business processes, operational data, system configurations
Medium
General business documents, procedures, training materials
Low
General announcements, newsletters, marketing materials
3. Technical Security Measures
The technical security measures we apply to protect our information assets:
Network Security
Data Security
Access Security
4. Cyber Threat Protection
Our comprehensive security strategies to protect against cyber threats:
Malware Protection
We protect against malware threats with advanced antivirus solutions and behavioral analysis.
- Real-time scanning
- Heuristic analysis
- Automatic quarantine
Email Security
We protect against spam, phishing, and malicious email attachments with multi-layered security.
- Spam filtering
- Phishing protection
- File scanning
Web Security
We protect against malicious websites and web-based attacks with secure web access.
- URL filtering
- SSL/TLS encryption
- Web application firewall
Threat Monitoring
We monitor threats with 24/7 security monitoring and our incident response team.
- SIEM system
- Security event management
- Continuous monitoring
5. Personnel Security
Our policies for the most important human factor in information security:
Training and Awareness
- Regular security awareness training
- Phishing simulation tests
- Security policy training
- Incident reporting procedures
Access Management
- Role-based access control
- Least privilege principle
- Regular access review
- Termination procedures
Security Agreements
- Confidentiality agreements (NDA)
- Acceptable use policies
- Security breach reporting
- Disciplinary procedures
6. Incident Response Plan
Our plan for quick and effective intervention in security incidents:
Detection and Analysis
Detection of security incidents and analysis of their impact
Restriction and Disablement
Prevention of the spread of incidents and limitation of damage
Cleaning and Recovery
Cleaning of systems and return to normal operations
Post-Incident Activities
Documentation of incidents and determination of future preventive measures
7. Continuous Improvement
Our approaches to continuously improving our information security management:
Regular Audits
We continuously evaluate our security level with internal and external audits.
Penetration Tests
We regularly test our systems to detect security vulnerabilities.
Security Metrics
We use KPIs to measure and improve our security performance.
Industry Collaboration
We share information with the security community to track current threats.
8. Communication and Reporting
To contact us on security issues:
Security Email
info@formexgroup.com
Emergency Phone
+90 224 671 85 00 (24/7)
Security Breach Report
info@formexgroup.com