As part of our commitment to sustainable development, it is one of our core principles to manage and improve the risks related to our information assets and information processing activities in alignment with our fundamental business objectives. To this end, we commit to the following:

• Fulfilling all applicable requirements of the ISO/IEC 27001 Standard,

• Ensuring the confidentiality of personal, corporate, or third-party information (produced and/or used) under the ISMS (Information Security Management System), in all circumstances,

• Guaranteeing that information is accessible only by authorized personnel in accordance with the “need to know” principle,

• Preventing any unauthorized use, alteration, disclosure, or damage to all information assets within the scope—whether intentional or accidental,

• Reporting all actual or suspected information security breaches and taking preventive actions to avoid recurrence,

• Systematically assessing, processing, and reducing information security risks to acceptable levels,

• Complying with all national laws and regulations related to Information Security in our country,

• Providing technical and behavioral training to all employees involved in in-scope processes to raise awareness and enhance competencies regarding information security,

• Ensuring that all necessary resources are provided for the implementation, maintenance, and continual improvement of the ISMS,

• Supporting the reduction of carbon emissions in Information and Communication Technology processes by working in harmony with our Green IT Policies.

We are committed to providing all necessary management support to effectively carry out ISMS activities.

In this regard, all our employees, as well as stakeholders, third parties, and suppliers who access or are authorized to access Baykal Makine's information assets, are also responsible for complying with our core information security policy.