EgeGaz commits to take all necessary steps to ensure, operate, follow up, review, maintain and improve data security. The main purpose of the system is to ensure the confidentiality, integrity and availability of data which takes under guarantee the continuity of daily operations and strategic competitive advantage required by the regulation and within this scope adopts the following principles in the processes :
- To create an effective and sufficient data security risk management approach to reduce or eliminate the risks defined on the processes within the scope of the internationally accepted standards and allocates required resources to reduce data security risks to an acceptable level.
- To prevent unauthorized or incompetent access, usage, modification, disclosure, destruction, seizure and damage of data assets, depending on the confidentiality, integrity and accessibility of products and services that provide value to customers and stakeholders,
- To ensure that all employees have conscious approach to the Data Security Management System and fulfill their duties in their areas of responsibility and to comply with the published policies, procedures, instructions, announcements and controls,
- To develope and maintain proper business continuity plans and systems to ensure the continuity of critical processes,
- To define data security control targets in line with this policy and the purpose of the organization and to continuously improve it with regular audits and reviews,
- To comply with all applicable laws, energy market practices, contractual obligations, industry standards and other relevant internal and external requirements regarding data security,
- To evaluate all actual or suspicious apertures targeting data security and to ensure that the activities of updating existing controls or activating new controls are carried out as soon as possible.
- To take necessary measures to ensure security of data security assets not only electronically, but also in the in-house working areas such as work areas, archive rooms, system rooms, etc. and around the corporation,
- To organize regular education and training activities to increase the awareness of employees, third parties and stakeholders about their roles and responsibilities regarding Data Security.