Business Continuity Policy
Ayas Turizm has prepared and implemented plans to ensure the continuity of critical business processes and services and to return all business processes to normal working order in the event of an interruption, crisis or disaster.
Business Continuity Policy covers the implementation principles specified in ISO 22301 Business Continuity Management Standard and ISO 27031 Information and Communication Technology Business Continuity Guide, obligations determined by customer contracts, Business Partnership Contracts obligations, and Turkish law and legislation obligations.
The main purpose of the Business Continuity Management Policy is to make the critical processes and assets determined by business impact analysis functional in a predetermined minimum period of time in case of any interruption. For this purpose, first response and recovery strategies following an outage will be based on the following items.
1- To protect the personnel and primarily take care of life safety
2- Carrying out a risk assessment of threats and vulnerabilities on critical processes, components and assets.
3- Identify the affected processes, components and assets according to risk scenarios
4- Increasing the speed of intervention and implementing an effective decision process
5- Activating processes and operations as quickly as possible
6- Managing internal and external communication, including communication with the media
7- Managing the risks that will harm the brand value and company reputation of Ayas İsos Turizm (Ayas Turizm)
8- Managing relations between stakeholders
In order to ensure the continuity of critical business processes and services and to normalize all business processes and services within the planned periods and in line with priorities, the requirements are specified in the service level agreements made with the suppliers. Training, testing and exercises are carried out in order to establish the Business Continuity Management System, to place it in the corporate culture, to increase the awareness of the employees and to ensure their participation in the studies.
Ayas İsos Turizm (AyasTurizm) Senior Management undertakes to implement, review and continuously improve the practices related to Information Security.
Quality policy
Ayas Tourism; It aims to provide service by constantly raising our service standards, to provide unconditional customer satisfaction, to ensure that every employee works in the safest possible condition. Conscious of this purpose;
1- To satisfy our customers by providing services in the most economical way and within the desired delivery time, in accordance with the national and international quality standards, with the participation of all employees of our company,
2- To comply with the laws and regulations without compromise,
3- To comply with the requirements of Quality Management Systems and to ensure continuous improvement,
4-To ensure that all employees and related parties do not endanger the health and safety of themselves, other employees and visitors with the help of necessary information and training,
5- To establish a prevention culture by systematically making risk assessments regarding possible dangerous situations and behaviors within the scope of all its activities,
6- To produce quality service at all times, on time and at a competitive price, to create it with the joint effort and effort of all personnel, from the highest level manager to the lowest level employee,
7- Continuously following and updating the technology and systems that will provide quality, efficient and economical service,
8- To give importance to the quality, continuous education and motivation of the personnel working at all levels of the enterprise,
9- It is extremely important for the effectiveness of our Quality & Environment management system to share our approach and priorities with the public and other interest groups, and that our company personnel work around these principles and act consciously.
Ethical Violation Notice
Ethical Violation Notification, which is a communication channel that ensures the prevention of losses and abuses within the company, is a part of the Ethics Management system; It is a mechanism that aims to protect the corporate identity of the company and to facilitate the work life of the employees.
Ethical Violation Notification Form Internal software is an example of sending mail.
your name and your surname
E-Mail Address
your nationality
Cell phone number
Related Units
Human Resources Guest Brand Other Issues
IMPORTANT NOTE: You must have data in jpg, doc formats and a maximum size of 4 MB. Otherwise, our software system considers your e-mails as not received.
Ayas Turizm Ethical Violation Notice; In addition to individuals and organizations working in cooperation with Ayas Turizm, such as company employees, auditors, consultants, authorized sales agents, corporate customers, our guests; It has been created so that they can convey to the Ethics Committee the issues, employee behaviors and practices that they think are not in accordance with the Ayas Tourism Code of Business Ethics. Ayas Turizm applies these ethical rules in order to resolve conflicts in professional and personal relations, to display honest working activities and to ensure the confidentiality of company information.
All of our employees and business partners can report violations via e-mail or telephone line.
You are kindly requested to use the Ayas İsos Turizm (Ayas Turizm) KvK form link and fill in the application form and send it to the relevant address in order to use or not use your personal data. Otherwise, the data will continue to be used in accordance with the terms of use. Our company is not responsible if it is used for different purposes, outside of our web page or for communication purposes. Those who do not submit a form cannot make a commitment to claim their rights. Please read, fill and submit.
Information Security Policy
It is aimed to establish an information security policy in line with the strategic direction of Ayas Turizm and to define the basic information security principles.
Scope
The scope of the Information Security Policy; They are the organization and information values defined in the Scope and Boundaries document.
Responsibilities
Senior management
It is responsible for ensuring that the Information Security Policy meets the needs of the institution, providing the necessary support and supervision for its implementation, and reviewing the policy at least once a year or in cases where changes may be required in the corporate policy. Representing the top management, this task is performed by the ISMS Representative and approved by the General Manager.
ISMS Representative
It is the authority / person who takes responsibility for the senior management at every stage from the establishment of the Information Security Management system to its operation and management.
ISMS Team
The ISMS team, assigned by the Senior Management of Ayas İsos Turizm, is responsible for ensuring that the Information Security Policy meets the needs of the institution, providing the necessary support and supervision for its implementation, and reviewing the policy at least once a year or in cases where changes may be required in the corporate policy.
All Staff
It is responsible for fulfilling the requirements of the Information Security Policy as required by its duties.
Definitions
ISMS: Information Security Management System
ISMS Team: The ISMS team is the organization that represents the management, takes the responsibility for the successful continuation of the ISMS and provides its oversight.
ISMS Internal Auditor: The person who is independent of the implementation and operation of the ISMS, has the experience, training and certifications to perform the ISMS audit and performs the internal audit of the ISMS. Internal auditors may be internal or external to the institution.
Management Support
Senior management actually supports ISMS with the activities it carries out under the umbrella of ISMS Coordination team, ISMS Representative and ISMS Internal Auditor personnel assignments, ISMS investment, expense and training budgets, management review activities.
Top management leads to achieve ISMS objectives by complying and promoting compliance with ISMS policies and procedures.
Top management expresses the importance of information security risks management in terms of the reputation of the institution and the continuity of activities, by applying managerial activities and through corporate policies.
It evaluates the risks at least once a year and ensures the continuity and sustainability of the system by reviewing the Information Security Policy.
Information Security Policy
Identifying risk acceptance criteria and risks, developing and implementing controls.
To ensure the implementation of the information security risk assessment process in order to identify the risks related to the loss of confidentiality, integrity and accessibility of the information within the scope of the information security management system, to identify the risk owners.
To define a framework for evaluating the confidentiality, integrity and accessibility effects of information within the scope of the information security management system.
To monitor the risks continuously by reviewing the technological expectations in the context of the scope of service.
To meet the information security requirements arising from the national or sectoral regulations to which it is subject, fulfilling the legal and relevant legislation requirements, meeting the obligations arising from the agreements, and corporate responsibilities for internal and external stakeholders.
To reduce the impact of information security threats on service continuity and to contribute to continuity
To have the competence to respond quickly to information security incidents that may occur and to minimize the impact of the incident.
To maintain and improve the level of information security over time with a cost-effective control infrastructure.
To improve corporate reputation, to protect from negative effects based on information security.
Within the scope of information security of Ayas Turizm, to increase corporate awareness about information with different levels of confidentiality, to identify and implement the logical, physical and administrative controls recommended for information with different levels of sensitivity; To define the rules of storage and destruction of data in portable media.
Ayas İsos Turizm (Ayas Turizm) Management undertakes to implement, review and continuously improve the practices related to Information Security.
