Information Security and Quality Policy

The main topic of TS EN ISO 27001:2022 Information Security Management System and ISO 9001:2015 Quality Management System is as follows: Drupart Digital Solutions and Trading Co. Ltd. aims to demonstrate the implementation of information security management and quality management systems in the areas of human resources, infrastructure, software, hardware, user information, current information, third party information and financial resources. This also includes ensuring risk management, measuring the performance of information security management processes, and regulating relationships with third parties regarding information security.

In line with this, the purpose of our Information Security and Quality Policy is to:

• Protect Drupart's information assets from all types of threats, whether internal or external, intentional, or accidental, ensure the accessibility of information as required by business processes, comply with legal requirements and strive for continuous improvement.
• Prevent unauthorised or improper access, use, modification, disclosure, removal, transfer and damage to information assets, while adhering to the fundamental principles of confidentiality, integrity and availability.
• Secure all data, not only electronic, but also written, printed, verbal and similar, within the information security assets.
• Implement and continuously improve measures to comply with the legal requirements of Law 6698, in accordance with Drupart's founding purpose.
• Provide a certain level of protection against IP address-based attacks within the scope of services offered to customers, in accordance with the law.
• Raise awareness and provide information security management training to all staff.
• Address vulnerabilities identified by the BTK / USOM unit and take preventative measures against them.
• Ensure that Drupart personnel are conscientious in their approach to information security and diligent in the performance of their responsibilities within their areas, paying the utmost attention to published policies, procedures, instructions and announcements.
• Evaluate and manage all actual or suspected information security incidents within Drupart, updating existing controls or implementing new ones as quickly as possible.
• Develop, maintain and test business continuity plans.
• Conduct periodic information security assessments to identify current risks, review action plans based on these assessments, and monitor their implementation.
• Ensure that activities that support the objectives set out in our Information Security Policy are included in the Information Security Objectives set annually, and monitor and report on their progress throughout the year.
• Continuously improve the Information Security Management System and ensure that management reviews these improvement efforts.
• Develop customer focused and high quality software solutions, taking into account customer requirements.
• Continually improve and support our products.
• Keep abreast of rapid developments in the IT sector.
• Monitor national and international legislation as it relates to our field.
• Ensure customer satisfaction with the most appropriate products and solutions in our services.
• Valuing our employees by providing the most suitable working environment and promoting their development through continuous training.
• To be a service and consulting organisation that combines team spirit with agile project understanding and collaboration with customers.
• Adopt a philosophy of continuous improvement and development in its system, always providing services and products in compliance with legal and regulatory requirements.