Information Security Policy Declaration

The security, integrity and availability of all information used by KKB are protected under the Information Security Policy.

Purpose

The purpose of the Information Security Policy is to ensure and protect the confidentiality, integrity, and accessibility of all kinds of information used within the KKB. These concepts are explained below.

CONFIDENTIALITY

It is the accessibility of the information for the people or masses who are allowed to access it by law or with the consent of the owner of the information to be shared. The confidentiality of information is violated if the information can be read and/or written, changed, in short, accessed by others other than the targeted persons and audiences.

INTEGRITY

It is the accessibility of information as it is at its source, without distortion or alteration, in a consistent manner for the targeted people and masses. The fact that a piece of information is partially corrupted or partially changed means that its integrity is broken.

ACCESSIBILITY

The availability of information when it is needed. The difference from confidentiality is that it is expressed by whether the information is accessible or not, rather than who has access to it.

Scope

“Information Security Policy” covers all operations and activities, including practices, policies, procedures, standards and the Information Security Management System carried out within this scope, aimed at ensuring information security. The Policy also covers all units using KKB's information technology infrastructure, users accessing information systems as third parties, and service, software or hardware providers providing technical support to information systems.

Sanctions / Penalties

In case of non-compliance with the Information Security Policy, sanctions may be imposed in accordance with the Disciplinary Procedure, and legal proceedings may be initiated within the framework of the applicable laws regarding information systems (software security, system security, privacy and copyrights, etc.).

Responsible Parties

All personnel, guest users, and service providers who access corporate information using KKB Information Systems accept and sign the responsibilities set forth in the confidentiality agreement.

Update

The Information Security Policy is reviewed at least once a year or when necessary and, if necessary, reissued with the approval of the Board of Directors. In addition, when necessary, the points that need to be changed in the policy are evaluated without waiting for the review period and the policy is updated accordingly.

Annexes

In accordance with KKB's Information Security Policy, the rules and steps specified in the following documents, such as processes, policies, standards, etc., are operated effectively.