3. RESPONSIBILITIES:

3.1. General manager

It is responsible for ensuring that the policy meets the information security needs of the company, providing the necessary resources and supervision for the implementation of the policy, and reviewing the policy at least once a year or in cases that may require changes in the policy.

3.2. ISMS Representative

The ISMS Representative appointed by the General Manager is responsible for ensuring that the Information Security Policy meets the company's needs and providing the necessary support and supervision for its implementation.

3.3. All Staff

He is responsible for fulfilling the requirements of the Information Security Policy as required by his areas of duty.

4. DEFINITIONS

ISMS: Information Security Management System

Confidentiality: Restricting the viewing of the content of the information to only those who are allowed to view the information/data.

Integrity: It is the ability to detect unauthorized or accidental changes, deletions or additions or deletions of information and to guarantee detectability.

Accessibility: The availability of information whenever it is needed.

5. APPLICATION

To accelerate the digital transformation of our customers by providing them with innovative, reliable and high-quality software solutions.

To be a leading software company in many industries around the world and to constantly deliver technological innovations to help our customers digitalize their business.

• Managing information assets, determining security values, needs and risks of assets, developing and implementing controls for security risks

• To define the framework that will be determined by methods for determining information assets, values, security needs, vulnerabilities, threats to assets, and the frequency of threats.

• Defining a framework for assessing the confidentiality, integrity, availability impacts of threats on assets.

• To set forth the working principles for handling risks.

• Continuously monitoring risks by reviewing technological expectations in the context of the scope of service

• To ensure information security requirements arising from national or international regulations, fulfilling legal and relevant regulatory requirements, meeting obligations arising from agreements, and company responsibilities towards internal and external stakeholders.

• Reducing the impact of information security threats to service continuity and contributing to continuity

• Having the competence to quickly intervene in information security incidents that may occur and minimize the impact of the incident.

• To maintain and improve the information security level over time with a cost-effective control infrastructure.

• Information Security Management System Policy, Processes, etc. are provided to all personnel. To provide awareness, information and awareness training on issues. Repeat this training at certain periods.

• To continuously improve the system, taking into account the results of implementation, audit and corrective action within the scope of the Information Security Management System.

• To carry out the Information Security Management System in integration with other management systems within the company.

• To work to understand and meet the requirements of the Personal Data Protection Law (KVKK).

• To improve the company's reputation and protect it from negative effects based on information security.

6. SANCTION

Disciplinary Procedure provisions are applied to all personnel who do not work in accordance with this policy.