Our aim; Within the framework of the provisions of the Company’s articles of association and other relevant legislation (TS ISO/IEC 27001 Information Security Management System Standard);

To ensure the integrity, confidentiality (protection against unauthorized access), preservation and availability of company and customer information, which are important organizational assets within the scope of the information security management system, to ensure the implementation of the risk assessment process for this purpose, to maintain business continuity in our organization and to sustain the accuracy and reliability of our information management system in our relations with all our business partners and customers.

Our targets;

• To ensure and maintain information security, the accuracy and completeness of its content, confidentiality, integrity, sustainability and accessibility of the relevant information to the relevant persons when necessary, and to ensure information security in the business processes of the company,

• To continuously monitor risks by reviewing technological expectations within the context of the service scope,

• To fulfill information security requirements arising from national or sectoral regulations to which it is subject, fulfillment of legal and relevant legislation requirements, fulfillment of obligations arising from agreements, and corporate responsibilities towards internal and external stakeholders,

• To reduce the impact of information security threats on service continuity and contribute to continuity, and to carry out improvement activities,

• To have the competence to respond rapidly to information security incidents that may occur and to minimize the impact of the incident, and for this purpose to review the currency and practices of the information security management system through internal audits to be carried out at certain intervals,

• To maintain and improve the level of information security over time with a cost-effective control infrastructure. To create a conscious and competent human resource by providing all employees with information security training opportunities,

• To ensure the systematic management of risks related to information security, to analyze security risks related to losses of confidentiality, integrity and accessibility, and to establish an effective information security risk management approach in order to reduce identified risks to an acceptable level or eliminate them,

• To improve the reputation of the institution and protect it from negative effects based on information security.

• To increase corporate awareness regarding information with different levels of sensitivity in terms of confidentiality within the scope of the company’s information security, to determine and implement the logical, physical and administrative controls recommended for information with different sensitivity levels; to define the storage and destruction rules of data in portable environments. To provide access to information in line with authorization rules according to the degree of confidentiality.

• To support our Information Security Policy with sub-systems and procedures such as “Password Management”, “Clean Desk, Clean Screen”, “Authorizations in Information Systems”, “System Backup”, “Internal and External Communication Security”, and “Network Management”.

As the Senior Management of Saba İlaç;

We undertake to establish mechanisms related to Information Systems Management and Security, to realize and supervise implementations, to ensure business continuity, and to continuously improve our information management system with the participation of all our employees.