OTOANALİZ YAZILIM A.Ş.	Document No / Rev. No	First Issue / Rev. Date	P.No
		EY.PO.01-FR.01 Rev.01	01.08.2022 / 09.12.2024	1 / 2
INTEGRATED MANAGEMENT SYSTEM

Integrated Management System Policy

As OtoAnaliz Yazılım A.Ş., we effectively implement the ISO 27001 Information Security Management System to ensure the security of our information assets and operations and to keep information under control with confidentiality, integrity and availability criteria in the processes and locations where these assets are used; the ISO 22301 Business Continuity Management System to ensure business continuity; and the ISO 9001 Quality Management System for the products and services offered to all our stakeholders along with the benefits provided to them.

Within this scope, as the management of OtoAnaliz Yazılım A.Ş., taking into account the needs and expectations of all our stakeholders and interested parties, we commit to:

• Ensure that the Integrated Management System is operated and complied with in accordance with the laws and regulations of the Republic of Türkiye, with the ISO 27001 ISMS, ISO 22301 BCMS and ISO 9001 QMS standards, and with our Policies and Procedures,
• Continuously increase the satisfaction of our stakeholders,
• Provide products and services that comply with the terms of agreements made with interested parties — fast, accessible, cost-effective and of high quality,
• Address customer complaints within the principles of openness and fairness, and resolve them in the shortest possible time,
• Keep the information we possess under control against threats and risks, together with the criteria of Confidentiality, Integrity and Availability,
• Identify and implement appropriate controls and risk-minimizing activities based on risk management outcomes,
• Provide the resources, training and leadership required for the implementation of this policy, and communicate the policy to our employees,
• Respond to information security breaches — activating the disciplinary process where necessary — and ensure that the training, resources and infrastructure needed for the tracking and management of breach incidents are established,
• Monitor planned and unplanned disruption events, and apply recovery plans suited to the needs of our business processes,
• Carry out controls, reviews and improvements of our business continuity plans through planned drills as a precaution against possible disruptions,

	OTOANALİZ YAZILIM A.Ş.	Document No / Rev. No	First Issue / Rev. Date	P.No
		EY.PO.01-FR.01 Rev.01	01.08.2022 / 09.12.2024	2 / 2
INTEGRATED MANAGEMENT SYSTEM

• Manage our relationships with suppliers and subcontractors taking into account their impact and risks on our Information Security and Quality principles,
• Conduct activities that respect ethical values,
• Ensure the security of the personal data of customers, employees, employees' relatives, suppliers, supplier employees, visitors and all our stakeholders,
• For the continuous improvement of the Integrated Management System, monitor, review and evaluate IMS (ISMS, BCMS and QMS) performance as management, and ensure that corrective and preventive actions are carried out,
• Conduct internal audits by applying internal controls and ensure that necessary corrective and improvement actions are performed based on the results,
• Our IMS policy is made openly accessible to relevant interested parties.

OtoAnaliz Yazılım A.Ş. commits to providing all resources, continuous improvement and development for the realization of these items, which will contribute to its employees, customers and shareholders.