Corporate Information Security Policy

Like all other contemporary companies, our Company also significantly needs information, and is carrying out its production activities by using such information in line with the corporate objectives and values. With a view to assuring information security against security gaps and vulnerabilities and associated new threats increasing by use of rapidly developing information technologies, and to maintaining business continuity, and to minimizing the in-house risks of improvement, we aim to implement the Information Security Management Systems (ISMS) in all processes, and to ensure their continuity.

To this end:
Information security and business continuity risks shall be kept at an acceptable level.
We may mention about three basic components in information security, namely:

Confidentiality – Protection of sensitive data and information against access by unauthorized persons; and
Integrity – Making sure that the information is accurate and complete; and
Accessibility – Warranting that information will be available and ready for use by the user if and when needed.

Risks arising out of corporate, physical and environmental changes, or changes caused by the developing technologies, or use of third parties, will be assessed and appropriately managed.
Corporate and customer information will be assured to be kept in strict confidence. Confidential information (wherever and howsoever it is stored) will be protected against unauthorized access, and integrity of information will be safeguarded. Information will be accessible only by authorized business processes, employees, suppliers and other related parties and stakeholders if and when deemed necessary. All related party requirements (also including legal and regulatory requirements) will be met.
Protection of information will be taken into consideration while business continuity plans regarding mission critical activities are formed, continued, tested or initiated.
Information security training will be continued to be given to all employees and suppliers.
All information security breaches (actual or suspected) will be reported as an Information Security Breach Incident via BORÇELİK PostIT call system and will be studied and investigated by ISMS Committee.

All our employees are responsible for compliance with the principles and provisions set down in this document. In case of breach of any of these principles and provisions, the related personnel is sent to Borçelik Disciplinary Committee, and the punishment thereof is determined by said Committee.

A. Kerem ÇAKIR / General Manager