Information Security Objective The objective of the Information Security Policy is to prevent information security incidents and to minimize the risk of damage in order to provide business continuity and to reduce potential threats for Sağcan Truck Parts. Scope This policy covers the information assets of Sağcan Truck Parts.

The policy is applied by all employees at all locations, internal/external suppliers and internal/external contractors. Responsibility The Information Security Management Board is responsible for keeping the risks to company information assets at acceptable levels approved by senior management within the scope of the board.

Policy The goal of the Information Security Policy is to protect the information assets of the company against internal and external intentional or unintentional threats. Sağcan Truck Parts General Coordinator approved this policy.

The Information Security Policy assures all the following requirements:: Identification of processes and information assets and the methodological realization of relevant risk assessments Protection of information from unauthorized access Provision of information confidentiality Protection of the integrity of information Enabling accessibility of information whenever required for relevant business processes To fulfill legal obligations and legal obligations arising from contracts Development and improvement of business continuity plans Provision of information security training to all employees Ensure that all information security breaches or suspected violations are reported to the Information Security Management Board and reviewed accordingly Procedures and related instructions have been defined and published to support this policy.

Information security is provided by considering business needs. The Information Security Management Board ensures that this policy and all related documents are developed, documented and continuously improved.

All management staff are responsible for ensuring that the units they are managing comply with this policy and the related procedures. Compliance with the Information Security Policy is compulsory for all employees.