Pi Makina Amblem

Legal

Information Security Management System (ISMS) Policy

Last updated: June 8, 2026

PDPLCookie PolicyInformation SocietyEnvironmental & Occupational Health and Safety Policy(ISMS) Policy
Contents

Our Commitments to Protecting the Confidentiality, Integrity, and Availability of Information Assets

Scope

This Information Security Management System (ISMS) Policy applies to Pi Makina Otomotiv Construction Machinery Marketing Import Export Industry and Trade Ltd. Co., operating in the fields of design, manufacturing, and servicing of construction machinery, industrial equipment, and steel structures.

The purpose of this Policy is to ensure the security of all physical, digital, and other information assets used within the Company's information technology infrastructure, thereby protecting Pi Makina's reliability and corporate reputation and ensuring the continuity of core and supporting business processes with minimal disruption.

This document declares that the implementation, monitoring, and enforcement of the Information Security Policy are fully supported by the Company's management, including the application of appropriate corrective and disciplinary actions in the event of security violations.

Our Commitments

In line with its mission and vision, Pi Makina is committed to ensuring the confidentiality, integrity, and availability of information within the framework of its Information Security Management System (ISMS). To achieve this objective, Pi Makina undertakes to:

•• Ensure that all individuals who use the Company's information technology infrastructure and have access to information assets protect the confidentiality, integrity, and availability of Company information during personal and electronic communications as well as information exchanges with third parties; back up information according to its level of criticality; implement security controls based on risk assessments; report information security incidents to the relevant departments; and take preventive measures against security breaches.

• Refrain from using the Company's information resources for any activities that violate the laws and regulations of the Republic of Türkiye.

• Demonstrate leadership and commitment to fulfilling applicable information security requirements and to taking all necessary measures to ensure the continual improvement of the Information Security Management System.

• Establish information security objectives and activities; plan, implement, monitor, and continuously improve the ISMS by ensuring that all necessary measures are taken.

• Define how the Company's activities comply with applicable legal, regulatory, contractual, standard, and business requirements.

• Identify and assign the necessary roles, responsibilities, authorities, and resources within the scope of the ISMS.

• Establish the objectives and principles that guide all information security-related activities across the organization.

• Assign both general and specific information security responsibilities to designated roles and personnel.

• Establish and maintain processes for managing deviations, exceptions, and special circumstances related to information security.

• Identify, assess, and manage existing and potential information security risks and implement appropriate risk treatment measures.

• Take all necessary actions to ensure that employees, suppliers, contractors, business partners, and other stakeholders comply with the Company's information security requirements.

• Ensure that this Policy is communicated, accessible, understood, implemented, and maintained throughout the organization.

© 2026 Pi Makina A.Ş. All rights reserved.

PDPLCookie PolicyInformation SocietyEnvironmental & Occupational Health and Safety Policy