Information Security Management System Policy Statement

TUROG Technologies is committed to maintaining and improving information security processes by adopting an information security management system. This system provides a framework for integrating the ISO 27001:2022 standard.

The company defines our core values for the Information Security Management System as follows:

• To ensure uninterrupted availability of all key business resources required to support essential (or critical) business activities.
• To reduce the number of information security and business continuity high-priority risks on TUROG Technologies risk register.
• To provide for an orderly and expedited recovery/continuity of critical business processes after a disruptive incident.
• To endeavor to ensure that all persons employed by us are competent to carry out the specific work tasks by providing all necessary information, instruction, training, and supervision.
• To reduce or avoid information security breaches and related losses.
• To Ensure Compliance with TUROG Technologies Contractual, Regulatory, and Legal requirements and reduce information security-related regulatory sanctions/penalties.
• To ensure Information collected, held, and used by the organization is appropriately protected and available in line with business requirements.
• To improve information security culture and consciousness in the organization.
• To provide training in information security for key resources
• Create awareness among all staff on the needs and responsibilities of Information Security Management.
• To ensure that the Confidentiality, Integrity, and Availability of information is maintained throughout business functions and processes
• To ensure information is only accessible to authorized persons from within or outside the company, and minimize damage by preventing and reducing the impact of security incidents
• To optimize our business processes to always strive for a zero defect and no waste attitude
• To satisfy the requirements of the services provided
• To ensure data protection and data privacy of customer information is maintained
• To ensure continual improvement of our Information Security Management system.

The organization's Information Security Management System (ISMS) policy serves as the foundation for establishing ISMS objectives. This policy undergoes an annual review by Top Management, with more frequent reviews conducted as necessary. It is ensured that all employees and associated personnel are thoroughly familiarized with this policy. Furthermore, the policy is readily accessible to the public, stakeholders, and other interested parties upon request.