Information Security Policy

Information Security Policy

At EgeGaz we are committed to taking all necessary measures to implement, operate, monitor, review, maintain and improve information security. The primary objective of our information security management system is to ensure the confidentiality, integrity and availability of information that must be protected to satisfy legal and regulatory requirements and to guarantee the continuity of daily operations and our strategic competitive advantage. The following principles inform these processes:

  • Establish an effective and adequate information security risk management approach to mitigate or eliminate identified risks within internationally accepted standards and, for this purpose, allocate resources necessary to reduce information security risks to an acceptable level,
  • Protect the confidentiality, integrity and availability of information assets that underpin our products and services, thereby safeguarding the value we deliver to customers and stakeholders. This includes preventing unauthorized access, use, modification, disclosure, removal, transfer or damage to such assets,
  • Ensure that all employees are aware of the Information Security Management System and fulfill their responsibilities within it. This includes guaranteeing their adherence to published policies, procedures, instructions, announcements and controls,
  • Develop and maintain appropriate business continuity plans and systems to ensure the continuity of critical processes,
  • Establish information security control objectives that align with this policy and the company’s goals and continuously improve them through regular audits and reviews,
  • Comply with all applicable laws, energy market regulations, contractual obligations, industry standards and other relevant internal and external requirements related to information security and continuously improve performance in this direction,
  • Proactively identify and assess all actual or suspected vulnerabilities that could compromise information security and take swift action to update existing controls or implement new controls as needed,
  • Take all necessary measures to ensure the security of information assets, not only those held electronically but also those kept in physical workspaces, archive rooms, system rooms and other internal work areas so as to maintain a secure environment both within and around the company’s premises,
  • Regularly provide training and awareness resources to educate employees, third parties and stakeholders about their Information Security roles and responsibilities.