Information Security Policy
- Definition of Information Security
Information security, within the context of this policy, refers to the systematic application of measures to safeguard the confidentiality, integrity, and availability of our organisation’s information assets. It encompasses practices and controls designed to protect information from unauthorised access, disclosure, alteration, destruction, or disruption. The overarching goal is to ensure the reliability and security of information throughout its lifecycle within our organisation.
Confidentiality | Keeping sensitive information private and protected from unauthorised access. |
Integrity | Ensuring that data remains accurate, complete, and trustworthy. |
Availability | Making sure that information and resources are accessible when needed. |
- Purpose of the policy
The purpose of this Information Security Policy is to establish a framework for safeguarding the confidentiality, integrity, and availability of our organisation’s information assets.
- Requirements for Information Security Management System
The information to be protected under our Information Security Management System is determined by legal requirements, contractual obligations, expectations of stakeholders and the directives of senior management. Additionally, risk assessments are conducted to identify potential vulnerabilities and threats to our information assets. Project-specific customer expectations and contractual agreements for information security are assessed and defined as part of the project management process. Expectations arising from legal responsibilities are outlined and monitored in legislation lists.
- Scope
The Information Security Management System (ISMS) encompasses all aspects of our business, including:
- Business Development & Sales
- Engineering and Validation
- Operations and Quality Assurance
- Strategy and Marketing
- Product Management
- Human Resources and Finance
- Office Administration
- IT activities, including the security of information processed within these functions
Additionally, the policy extends to external dependencies, including:
- Cloud providers
- Third-party service providers and vendors
- Partners and subcontractors involved in business operations
- Regulatory bodies governing compliance
All employees, contractors, and external partners must adhere to the principles outlined in this policy to maintain the confidentiality, integrity, and availability of our information assets.
These processes and activities are managed from the locations listed below.
Address-United Kingdom | Warwick Technology Park, 11A Innovation Centre, Warwick CV34 6UW, United Kingdom (Headquarters) |
Telephone | +44 1(926) 623039 |
Website | https://eatron.com/ |
Address-Turkey | Katar Cad. Reşitpaşa Mahallesi İTÜ Ayazağa Yerleşkesi Arı-6 Binası 2/49/110, Sarıyer İstanbul |
Telephone | +90 (212) 2767686 |
Website | https://eatron.com/ |
- Commitments for Information Security Management System
We commit to safeguarding information integrity, availability, and confidentiality, aligning with our organisation’s strategies and adhering to national or international regulations and to legal and contractual requirements. Our aim is to prevent financial/commercial losses and protect our reputation, minimising disruption to operations during security incidents. To achieve these goals, we pledge to:
- Allocate necessary resources to the information security management system.
- Foster awareness and compliance with security requirements across the company.
- Support individuals contributing to the effectiveness of the information security management system.
- Foster a culture of continuous improvement.
- Our objectives
To establish a sustainable and continuously improving Information Security Management System (ISMS), we have identified the following objectives:
- Meet information security obligations per regulations and contractual requirements.
- Mitigate financial/commercial losses and uphold our organisation’s reputation by ensuring information security for our organisation and associated parties.
- Maintain business continuity amidst adversities.
- Continuously enhance our ISMS.
To achieve these objectives, we will regularly evaluate and review actions relating to risk assessments, internal/external audits, technical compliance reviews, incident records, and performance measurement results.
- Roles and Responsibilities of ISMS
Information security is everyone’s responsibility, and therefore all employees need to understand and adhere to the policies, follow processes, and report suspected or actual breaches. Specific roles and responsibilities for the running of the ISMS are defined and recorded in the organisational roles and responsibilities.
- Monitoring
The organisation ensures ongoing compliance with the policies and procedures of the ISMS through regular monitoring activities. These activities include management reviews, internal audits conducted by trained personnel, and external audits performed by independent auditors. By regularly assessing adherence to established protocols, the organisation can identify areas for improvement and ensure the effectiveness of its information security measures.
- Non-Compliances
Any suspected or actual breaches of the Information Security Policy must be promptly reported to the person responsible for the ISMS or the relevant manager. Upon receipt of a report, a thorough investigation will be conducted to determine the root cause. Corrective actions will be taken to address the issue and prevent recurrence based on the company’s incident management procedures.
Non-compliance with information security policies may result in disciplinary action, as outlined in the organisation’s disciplinary policy. Such actions may include verbal or written warnings, suspension, termination of employment, or legal action, depending on the severity and recurrence of the violation.