Information Security Management System Policy

  • Our company is committed to complying with applicable legislation and considering relevant standards and best practices. All business processes are organised in accordance with relevant legal regulations and standards. 
  • The principles of confidentiality, integrity and accessibility are taken as basis in the processing, transmission and storage of information. These principles form the basis of all information security practices of our company and ensure the confidentiality of all information of our stakeholders and their protection against unauthorised access, use, disclosure, modification or destruction. 
  • Risk management process is implemented to identify, assess and manage all information security risks, including those that may affect aviation security. Risk assessments are carried out regularly and emerging risks are managed with mitigating measures. 
  • In order to continuously improve the effectiveness of the information security management system, information security processes are regularly monitored, evaluated, and performance is tracked and developed with concrete data. 
  • To ensure the continuity of all main and supporting business activities, inaccessibility risks are regularly evaluated, necessary precautions are taken against potential interruptions, and a rapid and effective response capacity is developed in case of possible interruptions. 
  • Programs are implemented to develop technical and behavioral competencies in order to increase information security awareness. All employees receive regular information security training and are made aware of information security policies. With these trainings, a proactive approach to security threats is encouraged. 
  • Effective processes are operated for the detection, reporting, response and improvement of information security incidents. Security incidents are responded quickly and effectively through incident management and necessary measures are taken to prevent similar incidents in the future. 
  • The use of the Information Security Reporting System is encouraged in order to respond quickly to existing or potential information security incidents. Reports made by employees are handled in accordance with confidentiality principles and resolved quickly. 
  • Every employee is obliged to comply with information security policies. Top management supports the achievement of information security objectives and the effective implementation of the Information Security Management System.