INFORMATION SECURITY POLICY

NMQ Digital commits itself to ensure that safe access is granted for itself as well as its stakeholders; to protect the availability, integrity, and confidentiality of information; to assess and manage the risks which may potentially be generated on the information units of itself as well as its stakeholders; to protect the corporate reliability and brand image; to apply the required sanctions in violation cases; to fulfill the requirements of the national and/or international regulations; legal and legislative requirements which it is subject to; to meet the liabilities arising from contracts; to provide information security requirements resulting from corporate responsibilities towards internal and external stakeholders; to minimize the effect of business/service continuity resulting from information security; to protect and enhance the information security level with the installed controlling substructure

In order to execute this policy, NMQ Digital

• Informs all stakeholders and employees, ensures compliance with the requirements of the Information Security Management System (hereinafter: “ISMS”),

• Organizes training activities to increase the awareness of all NMQ Digital employees and related stakeholders on ISMS,

• Enables continuous and systematic evaluation and development,

• Periodically reviews NMQ Digital's ISMS framework and security policies,

• Provides the necessary assignments and resource allocation under the leadership of senior management,

• Implements a sustainable ISMS based on risk assessment and risk management,

• Does business in consideration of the ISMS’s obligations in the process of receiving and issuing services to customers and other stakeholders,

• Provides services by considering legal and regulatory requirements and security obligations related to customer contracts.

Last update: January 25th, 2023