Creasiv

Information & Data Security Policy

Document Version: 1.0 | Last Updated: January 1, 2026

1. Purpose and Scope

At Creasiv, ensuring the highest level of information security in the technology, software, automation, and design services we offer is an integral part of our corporate strategy. This Information Security Policy aims to protect all physical and digital information managed by our company in line with the principles of confidentiality, integrity, and availability (the CIA triad).

This policy covers all managers, full-time and part-time employees, contractors, suppliers, and IT infrastructure hosting data that belongs to the clients we serve.

2. Our Information Security Objectives

  • To detect and neutralize, in a timely manner, all types of threats against our information assets, whether internal or external, intentional or accidental.
  • To establish the necessary technical/administrative infrastructure to prevent data leaks, unauthorized changes, or system unavailability in accordance with current standards (including ISO 27001 requirements).
  • To keep data backup and disaster recovery scenarios ready and tested to ensure business continuity (Business Continuity Plan - BCP).
  • To proactively minimize risk levels identified as a result of regularly conducted security audits.

3. Data Protection and Technical Measures

The following security techniques are strictly applied in our systems to ensure data security:

  • Advanced Encryption: Customer data and passwords stored on servers ("Data at Rest") are encrypted using modern encryption algorithms (e.g., AES-256). All data exchanged between clients and servers ("Data in Transit") is secured through SSL/TLS protocols.
  • Authorization and Authentication: Internal and corporate customer panels are accessed through Role Based Access Control (RBAC) authorization models. Critical administrative operations undergo multi-factor verification.
  • Zero Trust Architecture: No device on the corporate network is trusted by default; continuous identity and authorization verification is maintained.
  • Network Security and Traffic Analysis: Network traffic is monitored in real-time through advanced hardware and software firewalls to prevent unauthorized access.

4. Risk Management and Assessment

Creasiv reassesses information security risks during infrastructure changes and at periodic intervals. Identified vulnerabilities are scored according to their criticality levels. Emergency response action plans for high-level risks are activated immediately. Secure Coding Lifecycle principles are adopted throughout the software lifecycle, and products undergo a rigorous review process before publication.

5. Incident Response and Breach Notification

When a cybersecurity breach is suspected in the company infrastructure or in an externally provided service, our Incident Response Team immediately takes charge. Relevant databases are isolated if necessary. In the event of a personal data breach, the relevant official institutions and data subjects are notified transparently within the legal timeframe (e.g., no later than 72 hours) in accordance with applicable legislation (e.g., KVKK Article 12).

6. Personnel Awareness Training

With the awareness that even the strongest software can be compromised by the human factor, "Information Security Awareness" and "Secure Workstation Management" procedures are applied to all our team members. Staff confidentiality commitments ensure that cyber risk awareness is maintained at the highest level.

7. Compliance and Contact

All employees and cooperating third parties commit to complying with the provisions of this Information Security Policy. You can forward all security-related reports, vulnerability disclosures, and information requests to us through the following channel:

Security Team Email: info@creasiv.com

Yunus Can Dolu

Creasiv CEO