Information Security Policy Management Statement
Dear Stakeholders,
At KPMG, we recognize information as a critical business asset. Information assets must be adequately safeguarded to ensure operational effectiveness and regulatory compliance. In today's business environment, safeguarding these assets through robust controls and proactive measures is a fundamental prerequisite for success. Therefore, KPMG is fully committed to managing information security within a formal, structured Information Security Management System (ISMS).
Our information assets are actively safeguarded against loss, theft, damage, and unauthorized access or modification. These assets and our systems face constant threats from malware, cyberattacks, malicious actors, and corporate espionage. Any incident arising from these threats could severely disrupt our services and inflict lasting damage on our firm’s reputation.
We have established our Information Security Policies to ensure our operations meet regulatory expectations, to mitigate risks, and to prevent security breaches. Crucially, these policies clearly define your individual responsibilities in protecting the firm. As outlined in your employment contract, you are legally and professionally obligated to maintain the strict confidentiality of all critical firm information. This mandate covers all formats, from physical, printed documents to data stored across our digital infrastructure. I want to emphasize that safeguarding critical information is the direct responsibility of every single employee.
The principles and safeguards detailed in these policies, their associated procedures, and appendices represent the operational standards and mandatory objectives for our firm.
We trust we have your complete cooperation in this critical endeavor.
Sezgin Topçu National IT Security Officer (NITSO)
Murat Alsan CEO