Our company operates adhering to the following core principles in the field of information security:

1. Comprehensive Management of Information Assets: Our primary responsibility is to effectively manage all our information assets (data, systems, hardware, software, trade secrets, etc.); to proactively identify their security values, sensitivity levels, needs, and potential risks; and to develop and implement effective controls against security risks.
2. Risk Identification and Assessment Framework: We will define systematic and established methods for determining the value of our information assets, their security needs, vulnerabilities, threats to these assets, and the frequency of threats. Furthermore, we will objectively analyze risks by defining a comprehensive framework for assessing the impact of threats on the confidentiality, integrity, and availability of our information assets.
3. Risk Treatment and Management Principles: We will establish clear and precise operating principles for treating identified risks and reducing them to acceptable levels. In line with these principles, we will take necessary actions to manage, mitigate, or transfer risks.
4. Monitoring Technological Expectations and Continuous Risk Monitoring: We will closely follow technological developments and expectations within our service scope, continuously monitor emerging new risks, and remain prepared against them.
5. Full Compliance with Legal and Regulatory Obligations: We commit to fully fulfilling our obligations arising from national and international regulations, legal and relevant statutory requirements, and signed agreements. We undertake to meet all information security requirements stemming from our corporate responsibilities towards internal and external stakeholders.
6. Ensuring Service Continuity: We will take necessary measures to reduce the potential impact of information security threats on our business continuity and contribute to the uninterrupted continuation of all our critical business processes.
7. Rapid Incident Response Capability for Information Security Incidents: We aim to possess the capability to quickly respond to any potential information security incident, minimize its impact, and implement necessary corrective and preventive actions to prevent recurrence.
8. Cost-Effective Control Infrastructure and Continuous Improvement: We will establish and operate a cost-effective control infrastructure to maintain and continuously improve our information security level over time. We will continuously review the effectiveness of our Information Security Management System and evaluate opportunities for improvement.
9. Protection of Corporate Reputation: We will enhance our company’s reputation, protect it from damages that may arise from information security-related negative incidents, and maintain the trust of our stakeholders.
10. Continuity of the Information Security Management System: We will ensure the sustainability of the established Information Security Management System throughout its lifecycle, maintaining its up-to-dateness through periodic audits and reviews.

As TAG Defense Top Management, we commit to providing all necessary resources and support to ensure that this Information Security Policy is understood and implemented by all our employees. Information security is the responsibility of every individual in our company.