Management Systems Policy

Management Systems Policy


Management Systems Policy

  • To fulfill all legal and regulatory requirements for which we are responsible
  • To ensure the development and motivation of our employees
  • Making it usable in the relevant activities of the institution by following the technological developments
  • Developing projects to ensure the happiness of all our stakeholders
  • Developing methods to ensure minimum use of natural resources
  • To ensure that our wastes are kept under control and disposed of in accordance with the requirements.
  • Carrying out studies to eliminate pollution at its source
  • To ensure the satisfaction of the complainants by resolving the complaints from all stakeholders as soon as possible.
  • Ensuring the elimination of possible threats by increasing the effectiveness of studies on information security
  • To be a pioneer in the dissemination of our corporate culture to all our stakeholders by increasing the level of awareness within the body .
  • Commit to complying with the applicable requirements of the IMS and Accreditation systems and to continuously improve all our processes


The purpose of this policy is to define the approach and objectives of top management and communicate these objectives to all employees and relevant parties in order to prevent violations of law, legal, regulatory or contractual obligations and any security requirements.

1.0 Liability

  • Information Security from the preparation, review and update of the Information Security Policy
  • The Team Leader (Secretary General) appointed as the Management Representative (Management Systems Manager) and/or Information Security Assistant Manager is responsible. Kirsehir Chamber of Commerce and Industry (KSTO)
  • The Board of Directors approves the Information Security Policy and ensures that it is announced.

2.0 Policy Details

2.1. Definitions
2.1.1. Information Security Management System – ISMS:
It is part of the entire management system based on the business risk approach to establish, perform, operate, monitor, review, maintain and improve information security.

2.1.2. Information Security Management Representative:

Responsible for the operation and continuous improvement of the Information Security Management System. Information Security Management Representative is Management Systems Manager.

2.1.3. Information Security Assistant Manager:

Information Security Team Leader. It is responsible for supporting the Information Security Management Representative and taking part in all information security processes with the Information Security Management Representative.
Organizes Information Security Team Meetings Information Security Assistant Manager is the Secretary General.

2.1.4. Information Presence:

These are the assets owned by KTSO that are important for it to be able to carry out its business without interruption and without any legal sanctions. Information assets subject to this policy are:

  • All kinds of information and data presented in paper, electronic, visual or audio media
  • Any software and hardware used to access and modify information
  • Networks that enable the transfer of information
  • Divisions, units, teams, and employees
  • Facility and Private areas
  • Solution partners (TOBB, Ministry of Customs and Trade)
  • Service, service or product provided by third parties (Suppliers)
  • For more information, please read the document:
  • Kırşehir Chamber of Commerce and Industry Information Security Policies

Our Other Policies


To ensure the accurate, timely and impartial transfer of activities and information concerning the members by using modern communication methods.


  • To implement a fair and impartial selection evaluation procedure
  • Supporting the career path development of the personnel with various training and coaching supports
  • Developing methods to increase employee satisfaction and loyalty


  • To ensure the efficient use of the budget created in accordance with the requirements of the Law No. 5174
  • To ensure that the receivables collected from the members are used in line with the interests of the members.
  • Developing methods for timely and complete collection of receivables
  • Developing measures to reduce financial risks


  • To carry out service improvement studies in line with the needs and expectations of the members
  • To monitor the outputs of the members by organizing training programs that will ensure their individual and institutional development.
  • To provide support for the members to develop their business capacities


  • To continuously improve the technological infrastructure in accordance with the requirements of the age
  • Minimizing IT risks by managing
  • Ensuring the sustainability of the methods applied to ensure information security