DATA SECURITY AND MANAGEMENT POLICY

As Kirman Premium, ensuring the security of our information assets, maintaining the accuracy, consistency, and accessibility of data, and fulfilling our legal obligations regarding the protection of personal data are among our top priorities in an increasingly digital business world.
Our information and data management processes are structured in line with the fundamental principles of the Integrated Management System and in accordance with national and international standards. In this context, we act with full commitment to the following principles:
Data Security and Confidentiality
• By effectively implementing our information security management system, we protect the information of all internal and external stakeholders within the principles of confidentiality, integrity, and availability.
• We develop protective security measures against unauthorized access, data breaches, and cyber threats, and continuously review processes through risk analyses.
• We regularly test our data backup, disaster recovery, and business continuity plans and strengthen our infrastructures accordingly.
• Access permissions are restricted based on roles defined in job descriptions and regularly audited.
• Two-factor authentication (2FA) practices are encouraged for critical systems to enhance data access security.
Master Data Management
• To ensure sound operational decision-making, the accuracy, standardization, and up‑to‑date status of processed data are guaranteed.
• Master data processes are defined and managed in a centralized structure to ensure consistency throughout the organization.
• Interdepartmental data sharing is carried out in accordance with corporate standards, and preventive measures are taken to avoid conflicts and inconsistencies.
Data Standards and Compliance
• All our data processing activities are carried out in compliance with ISO 27001, KVKK, and relevant international data security standards.
Data Processing and Personal Data Protection
• Personal data is processed only with explicit consent or a lawful basis, with retention periods and destruction policies clearly defined.
• Regular trainings are conducted to increase employee awareness regarding data security, ensuring full understanding of policies.
Continuous Improvement and Monitoring
• Our information technologies infrastructure is regularly monitored and improved based on performance indicators.
• Systems are updated against new threats and risks, and proactive improvements are implemented in line with technological developments.
• The effectiveness of the policy is reviewed at least once a year, and its alignment with corporate objectives is evaluated.
Risk Management
• We conduct regular risk assessments to identify possible risks in information security and data management processes in advance.
• We plan preventive and corrective actions for identified risks, ensuring the confidentiality, integrity, and availability of our information assets.
• In risk assessment processes, we consider impact and likelihood criteria, along with technological developments, threats, and regulatory requirements.
As Kirman Premium Management, we commit to providing the necessary resources to achieve the highest standards in data security and management, to enhance employee awareness and competencies, and to continuously improve the effectiveness of our system.
For your feedback:
You can contact us at info@kirmanpremium.com.