ARKSOFT BİLİŞİM TEKNOLOJİ TİC. SAN. A.Ş. ISMS AND QMS POLICY

The main theme of the TS EN ISO 27001:2022 and TS EN ISO 9001:2015 Information Security and Quality Management System is to demonstrate that Arksoft Bilişim Teknoloji TİC. SAN. A.Ş. provides Information Security and Quality management concerning people, infrastructure, software, hardware, user information, corporate information, information and financial resources pertaining to third parties; to secure risk management; to measure Information Security and Quality management process performance; and to regulate relations with third parties on matters related to information security.

The main theme of the Information Security and Quality Management System;

Has been determined to cover all software used within the scope of Arksoft Bilişim Teknoloji TİC. SAN. A.Ş., all hardware and software in the management of corporate business processes, all server system elements and end-user computers, as well as all physical and electronic information assets within the scope of IT services including support and maintenance services pertaining thereto.

The purpose of our ISMS and QMS Policy in this regard is:

• To protect information assets of Arksoft Bilişim Teknolojileri against all kinds of threats that may arise, knowingly or unknowingly, from internal or external sources,
• To ensure information accessibility as required by business processes,
• To meet legal and regulatory requirements,
• To conduct continuous improvement activities,
• To ensure the continuity of the three fundamental elements of the Information Security and Quality Management System in all activities carried out:

• To address the security of not only data held in electronic environments, but all data in written, printed, verbal, and similar environments,
• To provide awareness by delivering Information Security and Quality Management training to all personnel,
• To report all actual or suspected vulnerabilities in Information Security to the ISMS Team and to ensure investigation by the ISMS Team,
• To prepare, maintain, and test business continuity plans,
• To conduct periodic assessments on Information Security to identify existing risks,
• To review and follow up on action plans as a result of assessments,
• To prevent any disputes and conflicts of interest that may arise from contracts,
• To meet business requirements for information accessibility and information systems,
• We commit to full compliance with customer and regulatory requirements.