As KEYVAN Aviation Inc. and its employees, in order to manage any risks related to our business continuity and information assets, we commit to the following:

• Ensuring the continuation of our business operations securely by providing services to our customers according to their expectations and needs, and protecting the data of both our internal and external stakeholders,

• Prioritizing information security while ensuring efficiency in our services,

• Ensuring the participation of all employees in the development of management systems,

• Continuously following emerging technologies and products, and conveying them to customers in the most accurate way,

• Contributing to the development of the company and adopting the continuous improvement of management systems,

• Ensuring the accessibility, confidentiality, and integrity of all our physical and electronic information assets,
• Identifying the risk acceptance criteria and risks related to management systems, improving and implementing controls,

• Complying with national or sector-specific regulations, fulfilling legal requirements, meeting obligations arising from agreements, and addressing information security needs arising from our corporate responsibilities towards internal and external stakeholders,

• Reducing the impact of threats to product and service continuity and contributing to its sustainability,

• Minimizing any negative effects on information security by using the best technology available during our operations,

• Organizing training activities to raise employees’ awareness of the information security management system, and ensuring third-party companies and relevant parties effectively implement information security measures,

• Ensuring that our employees, suppliers, and visitors comply with established health and safety rules,

• Planning measurable targets for continuous improvement and achieving those targets,

• Fulfilling all responsibilities regarding the collection, processing, transfer, protection, and secure disposal of personal data/information of employees, customers, visitors, suppliers, business partners, and other relevant third parties, as per the Personal Data Protection Law No. 6698 (KVKK) and related regulations,

• Protecting against unauthorized changes, preventing inappropriate information alteration or destruction, and guaranteeing the irrejectability and authenticity of the information while preserving the integrity of all business processes, information assets, and supporting IT assets and processes,

• Ensuring authorized users can access all business processes, information assets, supporting IT assets, and processes when needed, ensuring information can be accessed and used in a timely and reliable manner,

• Ensuring that all IT-supported processes and stakeholders comply with the rules, regulations, or circulars published by Keyvan Aviation,

• Closely monitoring all operational and system changes and ensuring they align with the change management process,

• Regularly analyzing the potential impact of natural disasters (such as floods, fires, storms, etc.) resulting from climate change on the information security infrastructure, and creating disaster recovery, backup, and emergency plans to ensure resilience against these risks,

• Proactively monitoring cyber threats to protect digital assets, regularly identifying security vulnerabilities, and ensuring data security with advanced security measures,

• We commit to ensuring that all applicable information security requirements are met, and that practices related to the Information Security Management System are implemented, reviewed, and continuously improved. We will work with all our strength to become an exemplary organization in the aviation sector in terms of information security.