Sampa Inc. undertakes that the implemented Information Security Management System is certified to meet all the requirements of ISO/IEC 27001 standards and is improved in line with the activities prescribed by these standards, that this system is managed in an integrated manner with other management systems that Sampa implements, and that Sampa complies fully with the laws and regulations of the Republic of Turkey.
The main purpose of Sampa Inc.’s ISO/27001:2013 activity is to define and evaluate the risks to our information assets and to ensure that they are systematically improved, managed and secured within and outside the company.
The Sampa Inc. Board of Directors reviews the Information Security Management System at least once a year in accordance with the Management Review Procedure to ensure compliance, adequacy, and effectiveness of the ISMS.
Sampa Inc. declares that it supports the implementation of the Information Security Management and Compliance Policy with all relevant units under the leadership of the Sampa Board of Directors.
Objectives and Principles
Sampa Inc.'s objective is to ensure the security, continuity and auditability of information assets, business processes and operations through the Information Security Management System ISO/27001:2013, and to increase service quality, competitiveness and brand value in order to reach its global targets.
Information Security Management System ISO/27001:2013 Certification audit processes are implemented with "zero non-compliance" strategy.
Each information asset is evaluated according to the principles of confidentiality, integrity and accessibility, the resulting risk are eliminated or reduced to an acceptable level.
Projects implemented during the risk management process are monitored through internal audit processes and effective, continuous and reasonable solutions are completed on time.
Information Safety Performance is measured through internal audits and all requirements are met.
Personnel, supplier, customer and visitor awareness on ISMS are increased through educational and instructional activities.
In order to achieve objectives, Sampa Inc is obliged to comply with this policy and all documents supporting this policy with the support of Senior Management, all employees of the company and the external parties defined in ISMS.