INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

The main theme of Elif İplik's ISMS is to demonstrate that information security management is ensured across people, infrastructure, software, hardware, organizational information, third-party information, and financial resources; to secure risk management; to measure information security management process performance; and to regulate relationships with third parties regarding information security matters.

Accordingly, the purpose of our ISMS Policy is:

1-) To manage information assets, determine their security values, requirements, and risks, and develop and implement controls against security risks.

2-) To define the framework for determining information assets, values, security requirements, vulnerabilities, threats to assets, and the frequency of such threats.

3-) To continuously improve the Information Security Management System.

4-) To define a framework for assessing the confidentiality, integrity, and availability impacts of threats on assets.

5-) To establish the principles for risk treatment.

6-) To continuously monitor risks by reviewing technological expectations within the scope of services provided.

7-) To fulfill information security requirements arising from national and international regulations, legal obligations, contractual commitments, and corporate responsibilities towards internal and external stakeholders.

8-) To reduce the impact of information security threats on service continuity and contribute to sustainability.

9-) To possess the capability to respond rapidly to information security incidents and minimize their impact.

10-) To maintain and continuously improve the level of information security through a cost-effective control infrastructure.

11-) To enhance corporate reputation and protect it from information security-related adverse impacts.

12-) To ensure that all employees are informed of their individual responsibilities regarding this information security policy.

13-) To maintain a management system that achieves these objectives and continuously seeks improvement in the effectiveness and performance of our risk-based management system.