Integrated Management System Policy

INFORMATION SECURITY POLICY

In our company, it is of great importance to meet legal requirements, respond to the needs and expectations of our customers, suppliers, and third-party stakeholders, and ensure access to services provided in a quality, fast, and secure manner. It is crucial for our employees to access information assets in a timely, complete, accurate, and uninterrupted manner. The company has decided to establish an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard to protect the information belonging to itself, its customers, and third-party stakeholders. The purpose of establishing the ISMS is to evaluate information in terms of confidentiality, integrity, and accessibility, and to protect it from all threats that may arise intentionally or accidentally from internal and/or external sources, ensuring that activities are carried out effectively, accurately, quickly, and securely. Information security is a corporate responsibility and aligns with our corporate goals. Necessary roles have been defined, responsibilities have been assigned, and responsible parties have been appointed to ensure the healthy operation of information security processes. These responsibilities cover all units using the information technology infrastructure, users accessing information systems as third parties, and suppliers providing technical support to information systems.

QUALITY POLICY

In our company, it is of great importance to meet legal requirements, respond to the needs and expectations of our customers, suppliers, and third-party stakeholders, and ensure access to services provided in a quality, fast, and secure manner. Customer satisfaction is of utmost importance. The Quality Management System is a corporate responsibility and aligns with our corporate goals. Our primary objectives are to maintain the highest level of customer satisfaction in the products and services we provide, increase efficiency and effectiveness, manage resources efficiently, manage customer feedback effectively, and continuously improve. Necessary roles have been defined, responsibilities have been assigned, and responsible parties have been appointed to ensure the healthy operation of the quality management system processes.

INFORMATION TECHNOLOGY SERVICE MANAGEMENT POLICY

In our company, it is essential to ensure that the services provided in our field of activity are carried out in accordance with the ISO 20000-1 Information Technology Service Management standard, continuously improve the effectiveness of the Service Management System and services, ensure the IT service infrastructure and continuity for all transactions carried out through the electronic applications offered by the institution, ensure the satisfaction of users and stakeholders receiving IT services, prioritize and accurately meet customer needs, ensure harmony between the departments providing the service, and implement necessary measures to establish, develop, and ensure the effectiveness of a structure in line with the requirements of information technology service management, meet legal requirements, and manage risks and opportunities effectively to fulfill the requirements of the ISO 20000 standard and continuously improve all IT processes.

BUSINESS CONTINUITY MANAGEMENT POLICY

In our company, it is essential to ensure that the services provided in our field of activity are carried out in accordance with the ISO 22301 Business Continuity Management System standard, ensure safety of life primarily in events such as disasters or any emergencies beyond our control by keeping and improving business continuity plans continuously, ensure that all services and activities are not affected or are affected minimally as foreseen in previous studies, conduct drills to ensure that our plans work in emergencies, identify potential risks that may cause service interruptions and take measures against these risks, manage internal and external communication on business continuity issues, fulfill the requirements of suppliers, customers, shareholders, employees, and legal authorities, and prepare our business continuity plans by considering customer expectations, corporate policies, and legal obligations.

PERSONAL DATA PROTECTION POLICY

The main purpose of this Policy is to provide explanations about the personal data processing activities carried out by the Company in accordance with the law and the systems adopted for the protection of personal data, and to ensure transparency by informing individuals whose personal data is processed by our company, including our customers, potential customers, employees, employee candidates, company officials, visitors, employees of institutions we cooperate with, officials, and third parties. The company commits to ensuring that personal data processed by the company is managed in accordance with the ISO 27701 Personal Data Management System standard, meeting legal requirements, and continuously improving by managing related risks.

CUSTOMER SATISFACTION POLICY

The company follows a customer-oriented approach, where customers can easily convey their requests and dissatisfaction, which are handled objectively, fairly, carefully, and confidentially, evaluated in a manner that does not contradict legal requirements and company policy, and necessary improvements and controls are continuously made to prevent the recurrence of the same dissatisfaction. Our customer satisfaction rules are: We first consider our customers as "Right" and examine the reason for the complaint from this perspective, we investigate every issue conveyed to us and find an opportunity to improve ourselves, we nurture an understanding that aligns with our customers' expectations for quality service, and we aim to establish strong, accurate, clear, and continuous customer relationships after the products and services offered by our institution.

COMPLAINT POLICY

No fee is charged from the customer for evaluating complaints, and no profit is made in any way. Company employees consider objectivity criteria in the solution process: The complaint procedure is open and accessible to customers. Complaints are handled without bias and fairly. Integrity is emphasized in revealing the facts related to the complaint, and all parties involved are considered. The information of the complaining customer is confidential. Information is not shared with third-party organizations and individuals outside the Company unless necessary for the resolution of the complaint.

In this context, our company commits to fulfilling the requirements of the Integrated Management System standards, meeting legal requirements, activating all applicable controls, and continuously improving the established Integrated Management System with new application areas and developing technology at regular intervals every year.