ISMS Policy

Information resources, like facilities and equipment, are assets of great importance to TOTOMAK. Anyone who uses information assets and resources or provides information is obliged to protect them.

All employees who use common information assets are expected to show the necessary sensitivity and act in consideration of other colleagues, corporate employees and corporate values.

As a requirement of corporate values, importance is given to confidentiality, and all kinds of personal information are protected by systems with the highest security standards. Information is not shared unless its owner requests it, the sharing is authorized, or a legal requirement arises.

For TOTOMAK, the most critical of these information assets and resources, those that must be carefully protected, kept confidential and accessible when needed, are the server system that contains the TOTOMAK software catalog and the system room that hosts this system.

TOTOMAK acts with the awareness that information produced within the enterprise should be protected at the highest level of security. Adhering to its mission and vision, it manages information in printed and electronic media, which forms the basis of the Information Security concept, in the light of legal legislation and using risk methods in accordance with the principles of "confidentiality, integrity and accessibility". To this end, the following are envisaged as the main policies:

  • Fulfilling the requirements of Information Security Standards,
  • Complying with all legal regulations related to Information Security,
  • Identifying risks to information assets and managing risks in a systematic manner,
  • Continuously reviewing and improving the Information Security Management System,
  • Performing trainings to improve technical and behavioral competencies in order to increase Information Security awareness.

Information assets and resources may be located in different locations or environments. Regardless of the location or environment, customer communication requirements and corporate values determine the use of these assets and resources.

Information security is possible by ensuring not only the confidentiality of information but also its integrity and availability. Confidentiality of information means that access is given only to the information assets required within the scope of the authorization. Integrity of information requires ensuring the completeness and accuracy of all information assets. Availability of information means that information assets are available and usable when they are needed.

The complexity and multiplicity of needs related to the use, location and protection of information necessitate the definition of comprehensive and broad information security processes and policies. For this reason, information security risks are assessed by those responsible for the information asset in line with the determined processes, the priority of the risks is determined and the necessary measures are taken.

Ensuring the security of the system room and servers is prioritized. Efforts are made to ensure that customers receive secure and uninterrupted service by determining the asset inventory and its potential risks in advance.

In decisions and actions, importance and priority are given to the use of reliable, objective information and all the possibilities of technology. Actions are organized not according to intuition, emotion or what seems right, but according to objective principles laid down by scientific and technological facts. To achieve this, information is drawn from the most advanced sources in the world and adopted, and professional practices are carried out in this direction. Resources are used efficiently, investments are made in technology and development is maintained in this direction.

For this reason, the planning, implementation, monitoring and improvement steps of the information security management system are carried out in accordance with the ISO/IEC 27001 Information Security Management System standard and the standards supporting this standard.