The main theme of our company’s ISM, in line with the TS EN 27001:2022 standard, is to demonstrate that information security management is ensured within the information processing activities used in our services, covering people, infrastructure, software, hardware, organizational information, third-party information, and financial resources; to guarantee risk management, to measure the performance of information security management processes, and to regulate relationship with third parties in matters related to information security.

Accordingly, the objectives of our ISMS Policy are as following:

• To manage information assets, determine their security values, requirements and risks, and to develop and implement controls against security risks
• To define a framework for identifying information assets, their values, security requirements, vulnerabilities threats, and frequency of threats
• To establish a framework for assessing the confidentiality, integrity, and availability impacts of threats on information assests
• To set out the working principles for the treatment of risks
• To continuously monitor risks by reviewing technological expectations within the scope of the services provided
• To fulfill information security requirements arising from applicable national or international regulations, legal and related legislative requirements, contractual obligations, and corporate responsibilities toward internal and external stakeholders
• To reduce the impact of information security threats on service continuity and to contribute to the continuity of services
• To possess the competence to rapidly respond to potential information security incidents and to minimize thier impact.
• To maintain and improve the level of information security over time with a cost-effective control infrastructure.
• To enhance the company’s reputation and protect it from adverse effects based on information security.