Information Security and Personal Data Policy

1. DEFINITION

Information security ensures the continuity of operations within the Company, minimizes potential disruptions in business activities, and protects information from a wide range of threats.

Information security fundamentally aims for the following three elements:

a. Confidentiality
It can be defined as keeping information inaccessible to unauthorized persons. In other words, confidentiality is the prevention of unauthorized disclosure of information.

b. Integrity
Integrity is the state of information remaining uncorrupted by protecting its content against threats of intentional or negligent modification, deletion, or any form of destruction by unauthorized persons.

c. Availability
It means that information is ready for use whenever needed. It is a requirement of the availability principle that information remains accessible even in the event of any problem. This access must be within the framework of the user's rights. According to the availability principle, every user must be able to access the information resource they are authorized to access, within their authorized time frame.


2. SCOPE

This policy covers all units utilizing the Company's information technology infrastructure.


3. PURPOSE

The Company management aims to ensure the information security of all physical and digital information assets used in the execution of information technology services, in order to ensure that the company's business activities continue with minimum disruption.


a. Email Usage Rules

I. The Company's email system must strictly not be used for the user's personal social media (Facebook, Twitter, Instagram, etc.) accounts.

II. No reply should be written to harmful emails (malicious, spam, fake, etc.); such emails with any kind of executable file attached must be deleted immediately upon receipt and must strictly not be forwarded to others.

III. Company email addresses cannot be used when subscribing to lists and similar platforms through internet applications for personal use.

IV. Considering that emails requesting users to enter their user code/password may be fake emails, they must be deleted immediately without taking any action.

V. Employees cannot send inappropriate content (pornography, racism, political propaganda, material containing intellectual property, etc.) via email.

VI. Employees must prevent their messages from being read by unauthorized persons. Hardware/software systems used for email access must be protected against unauthorized access.

VII. Company employees are responsible for preventing corporate emails from being seen and read by external parties and unauthorized persons.

VIII. Files attached to emails from unknown sources must strictly not be opened and must be deleted immediately.

IX. Users are responsible for the security of the password of their own email address. They are obliged to contact the IT department and report the situation as soon as they realize that their passwords have been compromised.

X. Personnel leaving the Company cannot continue to use the corporate email system. In the event that a user with an email address leaves the company for any reason, such as changing units or termination of employment, the necessary changes in the email system shall be reported to the IT Department by the authorities as soon as possible.


b. Internet Usage Policy

I. No user may use a data sharing channel other than the data sharing method recommended by the Company.

II. Personal data cannot be collected over computer networks using messaging and chat programs, except for official business discussions.

III. No user shall perform Multimedia Streaming (for video, music, communication, etc.) over the internet for private purposes.

IV. It is forbidden to send (upload), download, and store high-volume files that are not related to work (music, video files) on computers.

V. Software that is not approved by the IT Department cannot be downloaded via the internet, and such software cannot be installed or used on the company systems.

VI. Websites that violate general morality must not be accessed from Company networks and computers, and no files shall be downloaded from them.

VII. The IT Department may conduct monitoring and gather statistics regarding the internet usage of employees to prevent loss of work. It may implement restrictions on the internet when necessary.

VIII. Political content or propaganda must not be produced.


c. General Usage Policy

I. In the event of being away from the computer for a long period, the computer must be locked, and access to information by third parties must be prevented. 
II. Situations such as the theft or loss of a computer or data carrier containing Company data must be reported to the IT Department as soon as possible. 
III. All users are responsible for the security of their own computer systems. The individual is responsible for any attacks directed at the Company or an individual that may originate from these computers (for example, electronic banking, insulting or politically charged emails, user information, etc.).
IV. Company computers must not be used to engage in harassment or illegal activities. 
V. No actions disrupting network security (for example, a person attempting to access servers without authorization) or disrupting network traffic (packet sniffing, packet spoofing, denial of service, etc.) shall be engaged in.
VI. Activities threatening network security must not be carried out. DoS attacks, port-network scanning, etc., must not be performed. 
VII. Company information must not be transmitted to third parties. 
VIII. No peripheral device connections shall be made to the personal computers of users without obtaining the approval of the IT Department. 
IX. No device, software, or data shall be taken out of the company without authorization. Except for the software used by the Company, installing and using programs of unknown origin (magazine CDs or programs downloaded from the internet, etc.) is forbidden. 
X. Personnel are responsible for the security of corporate information on the desktop and laptop computers allocated to them and used in company operations. 
XI. The IT Department may access the employee's computer locally or remotely without prior notice to the user to perform security, maintenance, and repair operations, and may implement necessary technical or administrative measures. 
XII. Programs for gaming and entertainment purposes must not be run/copied on computers. 
XIII. File exchanges must not be carried out on computers, except for official documents, programs, and training documents.
XIV. No computers or devices functioning as servers (Web Hosting, Email Service, etc.) shall be kept on the Network System without the knowledge of the IT Department. 
XV. Existing settings regarding network settings, user definitions, resource profiles, etc., on computers must under no circumstances be modified without the knowledge of the IT Department. 
XVI. Unlicensed programs must not be installed on computers in any way. Personnel who keep unlicensed software on their computers are personally responsible for this situation.
XVII. Computer resources must not be shared unless necessary; in the event that resources are shared, action must strictly be taken in accordance with the password usage rules. 
XVIII. When a problem occurs on the computer, it must not be interfered with by unauthorized persons, and the IT Department must be notified immediately.


c. Emergency Policy

I. Logging is performed in our company. In emergencies, system logs must be preserved for examination. 
II. Ensuring the continuity of Company activities is essential. In emergencies, technical measures aimed at this principle must be planned and implemented when necessary.
III. Necessary tool and equipment requirements for emergencies must be identified, and backup and maintenance planning must be implemented. 


d. Antivirus Policy

I. A computer without antivirus software installed must not be connected to the network, and the IT Department must be notified immediately. 
II. It is forbidden to create and distribute malicious programs (For example, viruses, worms, Trojan horses, email bombs, etc.) within the Company. 
III. No user may remove the antivirus program from the system or install another antivirus software for any reason.


4. ENCRYPTION

Encryption is an important feature for computer security. It is the first layer of security for user accounts. A weakly chosen password can compromise network security entirely. The standards and rules to be followed regarding the creation of strong encryption, the protection of the created password, and the frequency of changing this password are specified below.


5. GENERAL INFORMATION

a. Password Usage Rules

I. All passwords used must possess a strength that cannot be easily cracked.
II. Passwords (email, internet, PC, etc.) must be changed at least once every six months.
III. Passwords must not be written or added to email messages or any electronic form, must not be shared with anyone, and must not be written down in physical or electronic environments.
IV. Passwords must not be given to any person over the phone.
V. Passwords must not be shared with colleagues, even during times away from work.
VI. The user must not share their password with third parties and must not write it on paper or electronic environments.
VII. The computer locks when the password is entered incorrectly 5 times consecutively.
VIII. Warnings are given to personnel logging in from multiple entry points.
IX. A screen lock must strictly be used, and the screen lock must be set to short intervals. 


b. General Password Creation Rules

I. Passwords are used for various purposes. Some of these are user passwords, web access passwords, email access passwords, screen saver passwords, router access passwords, etc. All users must show due diligence regarding the selection of a strong password.
II. The password must contain lowercase and uppercase characters (a-z, A-Z), numbers (0-9), and symbols (such as !'^+%&/()=?_;*).
III. It must be at least eight characters long.
IV. Password cracking and guessing operations may be performed at certain intervals. If passwords are guessed or cracked as a result of the security scan, the user will be requested to change their password.


c. Password Protection Standards

I. Passwords used within the Company must not be used outside the institution in any way (for example, as internet access passwords, in banking transactions, or in other places).
II. Different encryption must be used for different systems. For example, a different password should be used for Unix systems and a different password for Windows systems. 
The following is the list of things not to be done: 
• Giving a password to any person over the phone.
• Indicating a password in email messages.
• Sharing passwords with your senior manager.
• Talking about passwords in front of others.
• Using family names as passwords.
• Indicating a password on any form.
• Sharing passwords with family members. 
• Disclosing passwords to your colleagues when you are away from work.
If anyone requests a password, they should be told to call the IT Department official by referencing this document. "Remember password" features in applications and browsers must not be selected (Example: Chrome, Internet Explorer, etc.).


d. Application Development Standards

I. Application developers must ensure that the security features specified below are provided in their programs.
II. It must be able to support the authentication process of individuals (not groups).
III. It must not store passwords as text or in an easily understandable form.
IV. The rule management system must be supported (Example: a user should be able to continue their functions without knowing another person's password).


e. Password Usage for Remote Access Users

I. Remote access to the Company's computer network must be performed using a one-way encryption algorithm or strong passwords.

f. Server Security

The rules and standards to be followed to ensure the security of servers are as follows:
I. Ownership and Responsibilities
System administrators are responsible for the management of all internal servers within the Company. Server configurations will be performed solely by this group.
a. All servers and mobile devices must be registered in the device inventory of the respective company. The inventory must contain at least the following information:
• Location of the servers and the responsible person.
• Hardware and Operating System.
• Main task and applications running on it.
• Operating System versions.
b. Provided that measures regarding personal data security are taken, all information of the Company must be kept up to date.
c. No foreign mobile device or data carrier can be plugged in or used, except for the information technology systems permitted in the Company.
II. General Configuration Rules
a. Operating system configurations will be made according to the instructions of the IT department.
b. Unused services and applications will be closed.
c. Continuous updating of operating systems running on the server, service server software, and protection software such as antivirus must be ensured. If possible, patch and antivirus updates should be performed automatically by the software, but should be applied after passing through an approval and test mechanism within the framework of change management rules. 
d. Standard security principles for application access must not be bypassed, and unnecessary services must not be opened.
e. System administrators must not use general user accounts such as "Administrator" and "root" unless necessary, and should use their own user accounts which are granted the necessary privileges. General administrator accounts must be renamed. When necessary, they should log on with their own accounts first, and then switch to general administrator accounts.
f. Privileged connections should be made over a secure channel (such as an encrypted network like SSH or IPSec VPN) if technically possible.
g. Servers must physically be located in access-controlled system rooms. 
III. Monitoring
a. All security-related events occurring in critical systems must be logged and stored as follows:
• All security-related logs must be stored for a minimum of 1 week and be accessible online.
• Daily tape backups must be stored for at least 1 month.
• Weekly tape backups of logs must be kept for at least 1 month.
• Monthly full backups must be kept for at least 6 months.
• Log records must be kept off-site (outside the building).
b. Security-related logs will be evaluated by the responsible person, who will take the necessary measures. Security-related events may include, but are not limited to, the following:
• Port scanning attacks.
• Unauthorized persons attempting to access privileged accounts.
• Abnormal events occurring on the server that are not related to the current application.
IV. Compliance 
a. Audits will be conducted every six months by the Responsible Person appointed within the company by authorized organizations.
b. Audits will be managed by the IT Department.
c. Maximum effort will be shown during audits to ensure that they do not harm the operation of the organization.
V. Operation
a. Servers must be operated in environments where electricity and network infrastructure, as well as temperature and humidity values, are regulated.
b. Software and hardware maintenance of servers must be performed once a year by authorized experts.
c. Unauthorized entries into system rooms must be prevented. Entry and exit to system rooms must be access-controlled.


6. AUTHENTICATION AND AUTHORIZATION

The measures to be taken, rules, and standards to be followed regarding Authentication and Authorization in information systems are as follows: 
a. For all users who will access Company systems, it will be determined, based on their corporate identities, which systems they can access and with which authentication method.
b. Relevant profiles and authentication methods will be defined for external and extranet users who need to access Company systems.
c. User roles and authorizations on all application software, package programs, databases, operating systems used within the Company, and all systems accessed by logging on must be determined.
d. Usage rights on all corporate systems (including rights given by users to each other regarding their own systems) must be reviewed periodically and revised in line with requirements and the principle of granting the minimum necessary authority.
e. Access and authorization levels must be kept continuously up to date.
f. Users are responsible for the security of the systems allocated for their use on behalf of the company.
g. Users must conceal the access passwords given to them and must not share them with anyone.
h. Actions of users logging into systems aimed at exceeding authority must be monitored, and authority violations must be checked.
i. Access rights must be declared to users in writing, and sanctions must be applied for users who violate access rights.
j. A unique user account must be opened for each user in order to monitor user movements.
k. Identification must strictly be performed for individuals who will connect to the company Wi-Fi network from outside. Use of the Wi-Fi passwords allocated for meeting rooms must also be matched with the identities of those participating in the meeting.


SECURITY OF PERSONAL DATA

1. Definition of Personal Data

According to Law No. 6698, personal data is any information relating to an identified or identifiable natural person. Examples include a person's name, surname, date of birth, place of birth, fingerprint, voice recording, family information, and telephone number. The basic rules to be followed regarding the privacy of personal data are as follows.


2. General Rules

In order to ensure the security of all personal and corporate information, attention must be paid to the matters specified below. 
a. It must be very well defined who will access which data with which authorizations in the Company. Role-based authorization must be performed, and it must not be possible for unauthorized persons to access qualified data.
b. Personal data belongs to the individual. Authorized employees should only be able to access personal data related to their duties. However, other persons outside the scope of authority may access data only with the written approval of the relevant responsible person appointed within the company.
c. Without the consent of the customer, no employee can transmit customer information to third parties and institutions, such as the person's relatives or acquaintances, even verbally.
d. Customer data cannot be transmitted to third parties for commercial purposes either.
e. Upon the request of the customer, a copy regarding their information must be delivered to the customer. Without prejudice to the relevant legislative provisions, no customer record shall be given to third parties and institutions in electronic or paper environment.
f. Necessary measures must be taken to prevent the exposure of personal data belonging to customers and employees (no record containing personal data should be left lying around, and the computer screen must not be left in a way that can be read by others).
g. While speaking on the phone, third parties must be prevented from becoming privy to personal data.
h. All personal data must be stored in physically protected premises.
i. Access to the electronic records of the Company from the internet environment must not be possible.


3. The Right of the Individual to Have Control Over Their Data

The data subject has the right to know how their data is processed, to request information, to update when necessary, and finally to request the deletion of their data. The Company is obliged to meet these requests coming from users or customers. 


4. Principle of Lawfulness of Data

All data located in the company, transmitted to the company, or originating from the company, and all kinds of transactions regarding data, must be carried out in accordance with the law and personal rights. All employees of the Company must respect the confidentiality of the company's customers' data.


5. Right to Information

Company customers have the right to know where and how their data is used. Measures facilitating and making this right possible are taken by the company.