As OXIVO Grup Bilişim A.Ş., our primary objective is to ensure the security of human resources, infrastructure, software, hardware, customer information, company data, third-party information, and financial resources by effectively implementing our Information Security Management System (ISMS). We aim to manage information security risks and continuously improve process performance by measuring it regularly. Our policy is based on ensuring compliance with all legal and regulatory requirements related to information security and effectively managing relationships with third parties.

The fundamental principles of our ISMS policy are as follows:

• Protection of Information Assets: Safeguarding our information assets from internal or external threats, whether intentional or unintentional, and regulating access to information in alignment with business processes. Operating within a management system that complies with legal regulations and international standards.
• Confidentiality, Integrity, and Accessibility: Committing to protecting and maintaining the confidentiality, integrity, and availability of information. This includes preventing unauthorized access to critical information, ensuring the accuracy and integrity of data, and allowing authorized personnel to access information when needed.
• Security Across All Platforms: Ensuring the security of information stored in electronic, written, printed, verbal, and all other forms.
• Awareness and Training: Conducting regular training sessions for all employees to raise awareness of information security. Encouraging all personnel to report any suspected or identified information security vulnerabilities to the ISMS Team.
• Risk Assessment and Mitigation: Periodically evaluating risks that threaten information security and taking necessary actions accordingly.
• Business Continuity Planning: Developing, maintaining, and regularly testing business continuity plans.
• Compliance with Legal and Regulatory Requirements: Ensuring adherence to all legal and regulatory requirements.
• Continuous Improvement: Regularly reviewing and improving the effectiveness and sustainability of ISMS processes.
• Conflict Prevention: Taking necessary precautions to prevent disputes and conflicts of interest arising from contracts.
• Performance Monitoring: Tracking the performance of information security processes and ensuring that they achieve the intended outcomes.
• Implementation of Action Plans: Ensuring the timely execution and evaluation of the effectiveness of designated action plans.

This policy commits to the implementation of information security processes at all levels, maintaining our management system in compliance with the ISO 27001:2022 standard, and fostering continuous improvement. As OXIVO Grup Bilişim A.Ş., we take leadership and responsibility for all information security processes, integrating our employees and business partners into this process.