The common goal of the Senior Management and all employees of Arıkan Kriko ve Makina San. Tic. A.Ş. is to ensure the confidentiality, integrity, and availability of information assets in all our company's activities, to systematically manage potential risks, and to continuously improve effectiveness by ensuring full compliance with ISO/IEC 27001 and TISAX standards.

In line with this policy, the following principles have been determined. The senior management has adopted the implementation of these matters;

• To continuously ensure the confidentiality, integrity, and accessibility of corporate information and information systems,
• To systematically identify, evaluate, and manage risks directed at information assets,
• To establish, implement, and maintain the Information Security Management System (ISMS) in full compliance with ISO/IEC 27001 and TISAX requirements,
• To fully comply with all legal, regulatory, and contractual obligations related to information security,
• To regularly monitor, measure, and continuously improve the effectiveness of the ISMS,
• To provide technical and behavioral information security awareness training to all employees and to increase their level of awareness,
• To have information security policies and procedures prepared and approved by the Information Security Team and to ensure their implementation,
• To ensure the uninterrupted operation of information systems through business continuity and disaster recovery plans,
• To define information security requirements in third-party contracts and ensure their compliance,
• To minimize information security incidents and breaches, to detect them quickly, and to turn them into learning opportunities,
• To ensure full compliance with legislation in the production, processing, storage, sharing, and disposal of information,
• We commit to implementing technical security controls appropriate to current threats, keeping them up-to-date, and ensuring their continuous effectiveness.