INFORMATION SECURITY POLICY

The Information Security Management System (ISMS) was established to protect the confidentiality, integrity and accessibility of information within ENKA by applying asset and risk management processes and to assure the interested parties of managing the risks properly. ISMS is a part of ENKA’s corporate processes and general management structure. Information security processes were taken into consideration in the design and controls of information systems and scaled in accordance with ENKA’s needs.

ENKA has taken the ISO 27001:2013 standard as reference in accordance with its scope of ISMS. This standard is used effectively in company processes to demonstrate the ability of ENKA to meet the information security requirements for the internal and external stakeholders. The Corporate Information Security Policy refers to the requirements, definitions, rules, practices, responsibilities and workflows that are prepared according to the related laws and standards, based on the business requirements, and that are compatible with and support ENKA's corporate business objectives.

In this regard, ENKA Senior Management, in all of its company operations that are carried out in the light of its vision to be one of the best and innovative companies among the engineering and construction companies serving worldwide, and in line with its mission to design, build and deliver safe, high-quality and cost-effective construction projects, has made a commitment to ensure the security of the information of ENKA and its stakeholders, to protect information assets, to meet information security requirements and expectations within the scope of applicable requirements and international standards, to improve information security performance by systematically managing risks, to ensure infrastructure and operational security, and to assure that all employees will operate within the framework of the company information security policies and procedures.

The information security policy developed for this purpose will provide the following primary requirements:

1. Context of the Organization

    • Determine internal and external issues
    • Evaluate interested parties and external issues
    • Ensure compliance with legal and regulatory requirements and contractual obligations

2. Leadership & Management

    • Define information security objectives
    • Provide protection of corporate knowledge
    • Support continual improvement in information security
    • Establish the information security organization

3. Planning

    • Plan how to achieve information security objectives
    • Evaluate the effectiveness and risks of activities
    • Manage primary risks and take precautions against them

4. Support

    • Allocate the necessary resources for the establishment, implementation and continuous improvement of the information security management system
    • Promote trainings for the development of competencies that may affect the information security performance
    • Raise the awareness of ENKA employees and stakeholders of their responsibility for the information security management system (ISMS)
    • Provide management of documents and records containing corporate information

5. Operation

    • Ensure that the processes are performed as planned
    • Review the risks and controls as a result of the planned changes
    • Protect the information assets in both electronic and physical environments

6. Assessment & Improvement

    • Monitor and measure the performance, adequacy, conformity and efficiency of ISMS
    • Monitor, report and evaluate information security events
    • Perform regular audits
    • Build an ISMS structure which will not allow the recurrence of non-conformities
    • Perform the monitoring, measuring, evaluation and reviewing activities
    • Meet the requirements of ISO 27001 Standard
