1. PURPOSE

The purpose of this ISMS Policy is to specify the security requirements for MALL IQ’s secure and proper usage of information technology services and to protect Mall IQ and its users against security threats that could threaten their integrity, privacy, reputation and commercial outcomes to the greatest extent possible.

2. SCOPE

MALL IQ, in order to achieve the targeted outputs with its strategic goals, mission and vision, adopted its “ISMS Policy” within the framework of TS ISO / IEC 27001 Information Security Management System (ISMS) practices, to implement the following items in order to ensure the confidentiality, integrity and accessibility of information assets and to ensure their sustainability:

In this direction, the purpose of our ISMS Policy is:

• To plan, implement and control the ISMS by determining information security objectives and activities and to continuously improve the information security management system
• Determining how to meet the legal requirements of the “Personal Data Protection Law” (GDPR, CCPA, KVKK)
• Adoption of an integrated system of ISMS studies together with other management systems implemented by our company
• Determining duties, roles and responsibilities and necessary resources within the framework of ISO 27001 standard and ISMS application requirements
• Preparing an inventory of information assets by determining the confidentiality, integrity and accessibility criteria of ISMS
• Identification and analysis of existing and potential threats and risks and carrying out risk processing studies by adopting a risk-oriented ISMS approach
• Creation of necessary plans in order not to disrupt business continuity
• Identifying activities for continuous improvement of the integrated management system, including ISMS
• Monitoring and evaluating the latest new technologies and planning to adopt and adapt these new techniques to our organization when needed
• Taking the necessary measures and sharing them with the parties by considering the “Related Parties” within the scope of ISMS together with the relevant “INTERNAL and EXTERNAL Matters”
• Providing and implementing periodical controls in order to keep the ISMS policy accessible to all internal and external parties and to keep it up to date
• To ensure that the requirements of the “ISMS Disciplinary Procedure” are fulfilled, if necessary, by evaluating the violations that may occur in the ISMS policy and processes
• Protecting the confidentiality and ensuring the accuracy and integrity of the information, by controlling against unauthorized access;
• Making information available to authorized users when needed
• Providing the conditions determined by the law and making the information available to authorized institutions when deemed necessary
• Ensuring that the employees of Mall IQ are aware of these processes and that they comply with the relevant rules through systematic awareness processes.
• Reporting and following up ISMS violations, preventing the repetition of violations by taking necessary precautions

At MALL IQ, all information assets are defined and included in the scope of ISMS. In this respect, corporate and personal information belonging to our stakeholders and employees are also defined as assets. A Risk Analysis Plan has been prepared for possible violations and is periodically reviewed.

3. APPLICABILITY

All MALL IQ employees using the information assets defined within the scope of ISMS are responsible for acting in accordance with this policy and related ISMS procedures and instructions.

MALL IQ management undertakes to comply with the conditions of ISMS, the principles and rules of which are determined by this policy.