• To protect the confidentiality, integrity and accessibility of the information assets of our institution, customers and suppliers.

• To evaluate and manage the risks that may arise on the information assets of our institution, our customers and suppliers,

• To protect the reliability and brand image of our institution,

• To apply the necessary sanctions in case of information security violation,

• To provide information security requirements arising from the national, international or sectoral regulations to which it is subject, fulfilling the requirements of the relevant legislation and standards, meeting the obligations arising from the agreements, corporate responsibilities for internal and external stakeholders,

• To reduce the impact of information security threats on business/service continuity, to ensure business continuity and sustainability,

• To maintain and improve the level of information security with the established control infrastructure,

• To provide trainings to develop competencies in order to increase awareness of information security.

We declare that we have adopted the Information Security Management System policy and undertake to carry out all our activities in accordance with this policy.