Information Security

Our Management Systems Policy

Senior Management Commitment

CP Turkiye Senior Management is committed to ensuring the continuity of our services and the security of our information assets for customer satisfaction.

CP Turkiye management embraces the following principles:

• It attaches importance to ensuring the security and continuity of activities related to the products and services it offers to its customers, employees, and business partners.
• It aims to ensure that all business processes are aligned with company objectives and are integrated and balanced with each other. An integrated and dynamic business strategy requires the security and continuity of information assets.
• It adopts the principle of taking precautions against risks that may threaten the confidentiality, integrity, accessibility, and sustainability of products and services that provide value to customers, employees, business partners, and the CPF Group.
• It commits to providing the necessary resources and making infrastructure investments to effectively maintain security and continuity.
• Ensures the independent review of the management system using internal and external resources to guarantee the continuous improvement of information security, business continuity, and service management systems.
• Evaluates the potential effects of climate change on information security and takes the necessary measures to minimize these effects.

Integrated Management Systems Policy

CP Turkiye has a vision to be the most productive and efficient company in the feed industry in Turkiye. To achieve this vision, CP Turkiye embraces the following principles, recognizing the important role that information security, business continuity, and service management play in this endeavor.

• To fulfill the requirements of Management Systems and increase efficiency by ensuring continuous improvement,
• To act in compliance with all legal and regulatory requirements within the scope of Management Systems.
• To guarantee the security requirements of mutual information exchange with partner companies,
• To maintain all business processes, particularly information technologies, in accordance with Management Systems,
• To prepare business continuity plans and conduct regular tests to prevent business interruptions in critical business processes, particularly in the main business area of production processes,
• To prioritize human life and health in business continuity efforts,
• Develop the awareness and competence of employees and contractors in Integrated Management Systems,
• Provide products and services in accordance with established quality standards to continuously meet customer expectations,
• Be prepared for emergencies.

In light of these principles, our Integrated Management Systems provide a framework for the following objectives:

• To provide all personnel and relevant parties within the scope of the Integrated Management Systems with the necessary professional competencies and awareness to ensure their effective sustainability.
• To maintain the continuity of the systems and carry out the necessary work to ensure continuity by setting target recovery times,
• To develop, implement, and ensure independent review of applicable controls for the security of sensitive information assets in processes carried out on behalf of CP Turkiye and CPF Group,
• To maintain business processes within the scope of CP Turkiye Integrated Management Systems in line with the Management System,
• Conduct risk assessment, risk analysis, and risk treatment activities to manage Integrated Management System risks, develop necessary measures, and carry out activities to prevent potential risks,
• Establish reporting/notification infrastructure for security breaches and suspicious information security activities, and provide necessary support for investigations where required.
• Tighten internal controls and prevent unauthorized access to information assets to ensure that they are adequately protected and accessible.
• Preventing interruptions in critical business processes and, if this is not possible, ensuring that operations are restored within the targeted recovery time,
• Ensure compliance with legal or regulatory obligations arising from contracts and/or relevant legislation,
• Ensure the long-term survival of our business by identifying potential threats to e-archiving activities in advance and implementing the most cost-effective intervention and continuity plan,
• Minimizing costs arising from business interruptions by returning to normal levels as quickly as possible following any incident or emergency, and maintaining a reputable and reliable business image that customers trust,
• Ensuring that business continuity activities are aligned with the company's commercial and business objectives and are an integral part of the corporate culture.

In addition, Service Management System objectives must be aligned with corporate strategies and IT strategies. Service Management System objectives are established based on information gathered from the sources listed below and documented in the service management plan.

Integrated Management System objectives are determined based on policies, goals, and risk assessment results. Objectives are tracked, measured, and evaluated using the Management System Performance Evaluation Form.

The following points are taken into consideration to ensure the continuous improvement of Integrated Management Systems:

• Expectations obtained from meetings with senior management
• Expectations communicated by customers
• Customer satisfaction survey results
• Supplier evaluation results
• Service level reports
• Customer complaints
• Process performance indicators
• Results of continuous improvement activities

For a fiscal year, service management goals and how to achieve them are documented in the Service Management Plan. The service management plan is reviewed once a year to assess progress toward achieving the goals.