INFORMATION SECURITY POLICY

One of Eczacıbaşı Holding's top priorities is ensuring the security of all data belonging to our companies, our employees, our stakeholders, our company sites, and our corporate data processing operations by considering confidentiality, integrity and availability.

Accordingly, Eczacıbaşı Holding fulfills all the conditions foreseen by laws, standards, and our corporate policies and procedures with respect to information security and related issues. We operate an Information Security Management System that complies with the ISO/IEC 27001 standard, where applicable requirements for information security are met.

To ensure full compliance with and continuous improvement of the Eczacıbaşı Holding A.Ş. Information Security Management System, we conduct internal audits and consider the results at the senior management level. As part of this, we establish and operate in-process control mechanisms based on the principle of segregation of duties to ensure and continuously enhance information security.

By developing risk management processes, we proactively identify, analyze, mitigate, and manage information security risks. We conduct systematic risk assessments to prevent potential problems that may arise during implementation.

To protect our information assets, we keep the activities of storing, transferring, modifying, accessing, and processing these assets under control, based on the best practices available. Embracing a cyber resilience approach, we actively monitor emerging technologies and cybersecurity threats. We implement the most up-to-date security measures to enhance organizational resilience and ensure preparedness for a fast and effective response to potential cyberattacks.

We inform our employees and stakeholders about our information security policies and procedures and provide them with the necessary resources and training to ensure access and compliance.

When selecting suppliers and business partners, we take into account their performance in information security. We collaborate with both our stakeholders and official institutions and individuals on matters related to the Information Security Management System.

To detect and report information security breaches and to take timely action in response, we establish the necessary organizational structure, resources, and infrastructure, and implement the required actions in the event of such incidents.