Purpose

In accordance with the vision, mission, principles, and values of RESOLUTION7 TECHNOLOGY INC., we are committed to implementing and continuously improving our Integrated Management System, acting in line with legal and other requirements, managing risks effectively across all processes, ensuring information security and business continuity in all activities, complying with national and international legislation, managing stakeholder relations transparently and collaboratively, maintaining customer satisfaction, prioritizing customer-centricity, following technological developments, conducting design and development activities in our products/processes, and raising awareness among our employees to ensure that the requirements of the Integrated Management System are applied with the participation of all staff.

Our management systems encompass: ISO 27001 Information Security Management System, ISO 9001 Quality Management System, ISO 27701 Personal Data Processing Management System, ISO 20000 IT Service Management, ISO 22301 Business Continuity Management System, ISO 10002 Customer Satisfaction Management System, ISO 45001 Occupational Health and Safety, ISO 27017 Cloud Service Management Systems, and the ISO 15504 and ISO 33002 SPICE processes.

Scope

This policy applies to the entire company. Within the scope of the Integrated Management System established and operated under RESOLUTION7 TECHNOLOGY INC., the following processes and activities are included:

• Design of information and communication systems

• Development, installation, training, and consultancy of software, along with sales, marketing, and technical support services

• Management of personal data in compliance with legal requirements

• Assets used in activities carried out under the Integrated Management System

The Information Security Management System of RESOLUTION7 TECHNOLOGY INC. covers the following categories of assets and technologies:

• Personnel files, communication devices, and information assets

• Virtual servers (cloud systems), storage, network, security, PBX, cabling, and information assets

• Software assets consisting of applications, systems, users, and services

• Information assets used in digital transformation processes

• Administrative documents including tender and contract files, corporate and company correspondence, quality documents, and records

• Corporate and personal data of customers

Policy

What is Information Security?

Information, like other critical commercial and corporate assets, is valuable to an organization and must be protected appropriately. Information security safeguards assets against threats and risks to ensure business continuity and minimize losses.

Information security in this policy targets the protection of the following attributes:

• Confidentiality: Ensuring information is accessible only to authorized individuals

• Integrity: Ensuring the accuracy of information and processing methods, preventing unauthorized modifications

• Availability: Ensuring authorized users can access information and associated resources quickly when needed

The information security policy document defines the highest-level principles to be applied during audits to meet the above requirements.

Information Security Policy

At RESOLUTION7 TECHNOLOGY INC., ensuring legal compliance, delivering services that meet the needs and expectations of customers, suppliers, and third parties, providing access to services in a high-quality, fast, and secure manner, and enabling employees to access information assets accurately and continuously are all of utmost importance.

We have established an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022 to protect information belonging to the company, its customers, and third parties. The purpose of the ISMS is to protect information against intentional or accidental threats from internal and external sources, and to ensure all activities are carried out efficiently, accurately, quickly, and securely.

Information security is a corporate responsibility aligned with our organizational goals. Roles and responsibilities have been defined, and responsible personnel appointed to ensure effective management of information security processes. These responsibilities cover all units using IT infrastructure, third-party users accessing information systems, and suppliers providing technical support for information systems.

With the establishment of the ISMS, the company identifies and evaluates potential risks, matches them with standard-compliant controls to reduce them to acceptable levels, and ensures the system remains active through continuous risk assessment.

Quality Policy

At RESOLUTION7 TECHNOLOGY INC., ensuring legal compliance, delivering services that meet the needs and expectations of customers, suppliers, and third parties, and providing access to services that are high-quality, fast, and secure are fundamental. Customer satisfaction is of utmost importance.

The Quality Management System is a corporate responsibility aligned with organizational goals. Our primary objectives include:

• Maximizing customer satisfaction in all products and services

• Increasing efficiency and effectiveness

• Managing resources efficiently

• Handling customer feedback effectively and continuously improving

Roles and responsibilities are defined, and responsible personnel are assigned to ensure smooth operation of quality management processes.

IT Service Management Policy

At RESOLUTION7 TECHNOLOGY INC., our IT service management policy ensures that:

• Services are provided in accordance with ISO 20000-1 Information Technology Service Management standards

• The efficiency of the Service Management System and its services is continuously improved

• IT infrastructure and continuity for all electronic operations are maintained

• Customer and stakeholder satisfaction is ensured

• Customer needs are understood, prioritized, and met accurately, ensuring coordination between service-providing units

• Structures in compliance with IT service management requirements are established, developed, and maintained

• Legal obligations are met, and risks and opportunities are managed effectively

• All IT processes are continuously improved

Business Continuity Management Policy

At RESOLUTION7 TECHNOLOGY INC., our business continuity policy ensures that services are provided according to ISO 22301 standards.

• In emergencies such as disasters or events beyond our control, we maintain and improve business continuity plans to prioritize safety first and minimize impact on services

• Drills are conducted to ensure plans function effectively in emergencies while complying with laws, policies, and customer expectations

• Analyses are carried out to identify risks that may cause service interruptions and take preventive measures

• Internal and external communications are managed effectively

• Continuity plans consider customer expectations, company policies, and legal obligations

Personal Data Protection Policy

The purpose of this policy is to explain RESOLUTION7 TECHNOLOGY INC.’s legally compliant personal data processing activities and systems adopted for personal data protection.

It ensures transparency for all individuals whose personal data are processed, including customers, potential customers, employees, job applicants, company officials, visitors, and employees or officials of partner institutions.

• Personal data processing complies with ISO 27701 Personal Data Management System standards

• Legal obligations are met, and personal data are continuously improved and risks are managed

Customer Satisfaction Policy

RESOLUTION7 TECHNOLOGY INC. ensures that customer requests and complaints are handled objectively, fairly, attentively, and confidentially.

• Issues are evaluated in compliance with legal requirements and company policy

• Necessary improvements and controls are continuously implemented to prevent recurrence

• Transparency is maintained in customer relationships

• The company adopts a customer-focused approach, prioritizing resolving dissatisfaction

Complaint Policy

• Customers are not charged for filing complaints

• Employees maintain objectivity in the complaint resolution process

• Complaints are handled fairly, impartially, and based on facts

• Customer information remains confidential and is not shared with third parties unless necessary for resolution

Occupational Health & Safety Policy

Our occupational health and safety (OHS) policy includes:

• Compliance with legal OHS regulations and requirements

• Training employees on OHS, improving skills, and raising awareness

• Taking all precautions against hazards such as fire, injury, and illness, and monitoring effectiveness

• Performing risk assessments to create safe, healthy, and ergonomic work environments

• Identifying OHS opportunities and integrating them into processes

• Setting quantitative goals, action plans, and monitoring implementation

• Promoting a culture of safe and healthy working practices

• Improving existing investments and considering OHS in new investments

• Using appropriate technological equipment and continuous improvement in OHS

• Ensuring participation at all organizational levels and with stakeholders to continuously improve OHS