Information Security Policy

As Energy Holding, it is among our top priorities to ensure the security of all kinds of data and information belonging to ourselves and our stakeholders and to preserve the security of the campuses where we carry out our activities, and our corporate information processing, by taking into account the principles of confidentiality, integrity and usability.

In this context, as Energy Holding, we fulfill the conditions stipulated by the laws, related standards, our corporate policies and procedures regarding information security. We operate an Information Security Management System that complies with the highest and most up-to-date standards, where applicable requirements for information security are met.

To ensure full compliance with Energy Holding's Information Security Management System and enable us to continuously improve our performance, we conduct internal audits and evaluate the results at the senior management level. In this context, to ensure and continuously improve security in line with the principle of separation of duties, we establish and operate in-process control mechanisms.

To protect our information assets, we vigorously control the storage, transfer, change, access, and processing of data assets in line with the best current practices. We inform our employees and stakeholders about our information security policies and procedures and provide the necessary resources and trainings to access these policies and procedures.

In the selection of suppliers and business partners, we take into account the performance of our stakeholders on information security and work in cooperation with our stakeholders, official institutions and individuals on Information Security Management System.

Energy Holding has the organizational structure, resources, and infrastructure to detect and report on information security violations and to take actions as soon as possible. We implement the necessary sanctions for information security violations.