Managing and developing the risks related to our information assets and information processing processes in accordance with our core business objectives is one of our fundamental principles, which we consider a part of our sustainable development. To this end:

• Documenting, certifying, and continuously improving the effectiveness of our Information Security Management System (ISMS) to meet the requirements of the ISO/IEC 27001 standard,

• Complying with all applicable requirements of the ISO/IEC 27001 Standard,

• Ensuring the confidentiality of personal, corporate, or Third Party (produced and/or used) information within the scope of ISMS under all circumstances,

• Ensuring that information is accessible only by authorized persons in accordance with the "need to know" principle,

• Preventing the unauthorized use, alteration, disclosure, and damage of all information assets within the scope, whether intentionally or unintentionally,

• Taking measures to prevent others from seeing information classified as "Confidential" and "Highly Confidential" by adhering to the "Clean Screen / Clean Desk" principles in the working areas of personnel,

• Reporting all actual or suspected breaches of information security and taking preventive measures to avoid recurrence,

• Systematically assessing, processing, and reducing the risks related to information assets to acceptable levels,

• Complying with all laws and regulations related to Information Security in our country,

• Providing training to all employees involved in processes within our scope to enhance their technical and behavioral competencies and raise information security awareness,

• Providing the necessary resources for the implementation, maintenance, and improvement of ISMS,

• Offering all necessary management support for the effective conduct of ISMS activities.

In this context, all our company employees, stakeholders who have access to or have authorization to access Baykal Makine's information assets, Third Parties, and suppliers are responsible for complying with our main information security policy.