AVİES is aware that information security is the shared responsibility of all its employees. It acknowledges that the company and its stakeholders may suffer severe damages in the event of intentional or accidental loss, unauthorized use, or disclosure of information.
Accordingly, AVİES, operating in the fields of design and production of avionics and electronic systems,
- undertakes to establish, implement, regularly review, and continuously improve a system in compliance with the ISO/IEC 27001:2022 Information Security Management System standard in order to ensure the confidentiality, integrity, and availability of information assets,
- define authorities, roles, and responsibilities for the effective operation of the Information Security Management System, and review them at regular intervals,
- act in accordance with the principle of segregation of duties in design, development, testing, and implementation processes, and establish the necessary authorization and approval mechanisms,
- ensure full compliance with all legal regulations, customer requirements, and contractual obligations regarding information security,
- identify and assess risks to protect information assets, and take appropriate risk management actions,
- prepare and test business continuity plans to ensure the continuity of company activities and customer obligations in the event of any information security incident or interruption,
- effectively manage information security vulnerabilities and breach incidents, and take measures to prevent the recurrence of such incidents,
- organize information security awareness trainings for all employees and critical external stakeholders, recognizing the importance of the human factor in the sustainability of information security, and monitor the effectiveness of these trainings.
