Purpose & Scope
Astreva operates an ISO/IEC 27001–aligned ISMS to protect the confidentiality, integrity and availability (CIA) of information assets across IT/OT, cloud services, supplier access, warehouses, offices and field operations.

Commitments

• Compliance: Adherence to GDPR/KVKK, contracts and sector regulations.

• Asset & risk management: Asset inventory, classification and risk treatment plans.

• Access control: Least privilege, MFA, segregation of duties and periodic reviews.

• Cryptography & data protection: Encryption at rest/in transit, key management, removable media control.

• Physical & environmental security: Site access control, CCTV, visitor management, power/HVAC.

• Ops & patching: Managed inventory with timely patch and security updates.

• Secure SDLC & change control: Code reviews, testing and formal Change Control.

• Supplier security: Contractual security clauses, third-party risk assessments and audit rights.

• Incident management: 24/7 reporting, classification, root-cause and CAPA.

• Backup & recovery: 3-2-1 backups, geo-redundancy and regular restore tests (integrated with BCP/DR).

• Awareness: Annual training, phishing simulations and role-based modules.

• Continual improvement: KPIs, internal audits and Management Review.

Measurable Targets (examples)

• Training completion: ≥ 98%

• Phishing failure rate: ≤ 3%

• Critical patch SLA: ≥ 95% within 14 days

• P1 incident first response: ≤ 30 min; closure: ≤ 5 business days

• Backup restore success: ≥ 99%/month

• Critical vuln remediation: ≤ 7 days