In an increasingly digital business world, information security is no longer an option but an operational necessity, especially in sectors where critical data is processed, such as “Joint Health and Safety Unit” (JHSU) activities. As Sürmen OSGB, we reinforce our leadership in occupational health and safety with our technological infrastructure and our commitment to data protection. Our Information Security Policy is a strategic constitution that protects the digital memory of our organization and the confidential data entrusted to us by our business partners.

 

1. Basic Pillars of Information Security: Confidentiality, Integrity and Availability

Sürmen OSGB's information security strategy is built on three internationally recognized principles:

  • Confidentiality: We guarantee that only authorized persons have access to the personnel health records, risk analyses and confidential company documents processed within the scope of OSGB services.
  • Integrity: We implement technical controls to prevent external interference from altering or corrupting data, from its generation to its storage and transmission.
  • Availability: We develop business continuity models to ensure that our information assets are ready and accessible for authorized users whenever they are needed.

 

2. Corporate Goals and Strategic Alignment

Our information security requirements are in full harmony with Sürmen OSGB's overall corporate goals. For us, security is not an obstacle that slows down the workflow, but rather a lever that increases our service quality and builds trust. To this end:

  • Our management is open to change and has a visionary approach.
  • Competent professionals with high information security awareness are employed.
  • The financial resources required for the hardware, software and infrastructure investments that will increase our competitiveness in the sector are provided without interruption.

 

3. Technical Infrastructure and Cyber Defense Mechanisms

Today, cyber threats are not limited to hacking; they range from social engineering to ransomware. As Sürmen OSGB, we place the following cornerstones at the center of our defense against these threats:

  • Virus and Malware Protection: We protect our digital assets by equipping our systems with the latest antivirus and endpoint security solutions.
  • Access Control Systems: Following the principle of “least authorization”, we ensure that each user only accesses the data they need for their tasks.
  • Business Continuity and Data Backup: We implement regular backup procedures and periodically test our contingency plans to ensure that data is not lost in the event of a system failure or natural disaster.
  • Breach Notification: In the event of any information security breach, we operate structured notification processes to take quick action and ensure transparency.

 

4. Risk Management: Turning Threats into Opportunities

Information security is not a static process. Through the risk assessments carried out regularly at Sürmen OSGB, we identify vulnerabilities in our current system and external threats in advance. Based on the results of these analyses:

  • Corrective and preventive actions are initiated for the weak points identified.
  • Necessary resources (hardware, software, human resources) are allocated to ensure secure access to customer and personnel information.
  • With our risk-focused approach, we increase efficiency by directing our cyber security investments to the most critical areas.

 

5. The Human Factor: Awareness and Culture

Even the most powerful firewall may be insufficient against an untrained user. As Sürmen OSGB, we aim to make information security a corporate culture rather than a technical issue. In this context:

  • We ensure that all our personnel and certain third-party stakeholders receive Information Security Management System (ISMS) training.
  • We expect our employees to adopt safety procedures as a “way of working”.
  • We support the adaptation process with continuous internal audits and awareness campaigns.

 

6. ISO 27001 Standards and Continuous Improvement

Fulfillment of applicable requirements is a legal and standards-based obligation of Sürmen OSGB. We not only establish our Information Security Management System, but also develop it through the continuous improvement cycle (Plan-Do-Check-Act). While integrating the new opportunities brought by technology into our system, we closely monitor the compliance of our personnel with these innovations.


7. Periodic Review and Timeliness

In a dynamic world, “yesterday's security may be today's vulnerability”. With this awareness, our Information Security Policy is reviewed at least once a year or in the event of a significant change in our organizational structure, sector or legislation. In these meetings, which are held with the participation of senior management and unit managers, the appropriateness, accuracy and effectiveness of the policy are discussed and the system is kept up-to-date.

 

Conclusion: A Trusting Partnership

As Sürmen OSGB, we not only ensure physical security in workplaces; we also protect the corporate data of our business partners against the dangers of the digital world. Our Information Security Policy is a reflection of our principles of transparency, trust and professionalism. Every company that works with us has the peace of mind of knowing that their data is protected to the highest international standards.

We will continue to contribute to Turkey's digital transformation and secure industrialization by extending the excellence we have achieved in our occupational health and safety services to the field of information security. Your data is safe with us.