INFORMATION SECURITY POLICY

As Pelit Arslan employees, with the aim of managing all kinds of risks to our business continuity and information assets,

Our Principles are:

• Confidentiality: To prevent unauthorized individuals, organizations, or other operating systems from accessing or obstructing access to information.
• Integrity: To maintain the integrity and accuracy of assets.
• Accessibility: To ensure access and availability for authorized individuals.

In line with these principles, we aim to:

• Create information security awareness among our organization’s employees, convey to users their responsibilities regarding information security, and encourage their implementation.
• Document the Information Security Management System to meet the requirements of the ISO 27001 standard; ensure continuous improvement of system suitability, accuracy, and effectiveness.
• Identify, assess, and establish the necessary management system for security needs, risks, threats, and vulnerabilities related to information security processes.
• Establish working principles for risk management, develop and implement controls for security risks, and monitor risks by continuously reviewing technological expectations and developments.
• Comply with all national and international legal regulations and contracts made with third parties in our field of activity and Information Security.
• In this context, our relations with our Dealers, Domestic and International customers are very valuable to us.
• The continuity of the services we provide, the confidentiality of the information we hold, and the integrity of customer or our own information assets are of high importance.
• We are aware of and manage the risks to the confidentiality and accessibility of all kinds of information assets belonging to our company, customers, suppliers, and business partners by assessing these risks.
• All Company employees are obliged to act in accordance with the published policies and procedures for the proper protection of information assets within the scope and to fulfill the responsibilities defined for them.

We are committed to:

• Increase the awareness of users and employees about information security to minimize information security risks.
• Ensure that users are aware of their responsibilities.
• Ensure the protection of personal information.
• Prevent disruptions in processes, reduce the impact of information security risks on business continuity, and ensure business continuity.