Last Update: December 28, 2022
The Information Security Management System (ISMS) Policy of UPS Türkiye aims at ensuring information security for the design, operation, development and maintenance of our activities in line with the laws, transport industry legislation, our global corporate norms and the requirements of ISO/IEC 27001. It thereby intends to ensure and support the maintenance of the security of the data belonging to the company and the customers, in an attempt to maintain the reliability of our company as well as the services we provide.
Thanks to ISMS, UPS Türkiye protects its information assets based on the current best practices, according to their integrity, accessibility and confidentiality aspects, and ensures secure use of these assets.
UPS Türkiye Management undertakes that through the ISMS Policy, information security will not be compromised while achieving the company objectives, that the conditions required for continuous improvement of ISMS and the principle of segregation of duties as well as resources will be ensured and provided, and that the management and control of ISMS requirements will be ensured. The information security objectives of UPS Türkiye are determined in accordance with the outputs of the information security risk assessment process carried out regularly. In order to ensure full compliance with ISMS and its continuous improvement, UPS Türkiye conducts internal inspection programs and shares the relevant output and reports with the Senior Management.
UPS Türkiye aims to form a secure cooperation and working environment with all its stakeholders, whether internal or external, direct or indirect. It takes into consideration the information security performance qualities and outputs of the relevant stakeholders in its preferences when determining suppliers and business partners.
UPS Türkiye takes into account the compliance, by its internal and external stakeholders, with the company’s ISMS Policy and other ISMS rules. It enables detection and reporting of any suspicious and contrary acts related to information security breaches, and it targets to plan and implement, within the shortest time, any actions necessary for these breaches.