This policy covers the legal entities within Beyçelik Gestamp (Beyçelik Gestamp Otomotiv, Çelikform Gestamp, Beyçelik Gestamp Şasi and Gestamp Beyçelik Romania SRL). Beyçelik Gestamp is aware that the confidentiality, integrity and accessibility of information in all forms play a critical role in Beyçelik Gestamp's sustainable success and good management practices and that failure to ensure information security at an adequate level will increase the risk of loss of reputation as well as financial losses.

This information security policy summarizes the approach to information security management and sets out the guiding principles and responsibilities necessary to protect the security of information systems.

In accordance with TS ISO/IEC 27001 Standards in order to ensure the confidentiality, integrity and accessibility of the information it is obliged to protect;

All employees, suppliers, business partners and all other third parties who access and use information assets,

• Comply with information security policies, procedures and instructions

• Report security and incident violations to the responsible unit,

• All parties must ensure the confidentiality of the organization's information.

• Submit suggestions and improvements that they deem appropriate for the improvement of the system.

Management declares that it will prove its commitment to the installation, realization, operation, monitoring, review, maintenance and continuous improvement of the Information Security Management System (ISMS) in accordance with TS ISO/IEC 27001 Standard by realizing the following issues.

• Determining the ISMS objectives and making the necessary plan for the realization of these objectives.

• Analyzing the risks on assets and processes, making risk assessments and risk criteria depending on the results of the analysis and ensuring risk management within this framework.

• Defining the importance of meeting information security objectives and compliance with information security policies, responsibilities to laws and contracts and the need for continuous improvement.

• Providing sufficient resources to establish, implement, operate, monitor, review, maintain and continuously improve the ISMS.

• Organizing and managing the necessary work to determine the criteria for accepting risks and acceptable risk levels.

• Announcing the innovations, changes and developments within the framework of the Information Security Management System in a way to ensure the awareness of all employees and stakeholders.