INFORMATION SECURITY POLICY

The ErseNet Information Security Policy has been created to protect the confidentiality, integrity, and availability of the information provided by ErseNet Software ("ErseNet") within the framework of risk management processes and to assure relevant parties that potential risks are being managed appropriately.

The Information Security Policy is an integral part of ErseNet's overall management structure. Information security processes have been considered in the design of information systems and controls, and have been structured in alignment with ErseNet's needs.

The Information Security Policy established by ErseNet aims to:

1. Ensure the confidentiality, integrity, and availability of information assets, as well as maintain their continuity,
2. Limit the risks arising from the loss, corruption, or misuse of information assets and ensure compliance with relevant laws and regulations,
3. Protect information assets from any potential threats, whether intentional or unintentional, from both internal and external sources,
4. Support business strategies and corporate objectives through effective information security management. 

The Information Security Policy covers all company personnel using ErseNet’s information resources or business systems, as well as third-party service providers, business partners, and their associated support staff who have access to information based on contractual relationships with ErseNet.

In this regard, everyone who has access to ErseNet's information resources:

1. Protects the confidentiality, integrity, and availability of ErseNet’s information in personal and electronic communications,
2. Takes security measures appropriate to the risk levels,
3. Does not share internal information resources (such as announcements, documents, etc.) with unauthorized third parties,
4. Does not use company IT resources for activities that violate applicable laws and regulations,
5. Ensures the confidentiality, integrity, and availability of information belonging to customers, business partners, suppliers, and other third parties.

As ErseNet, in line with our Information Security Policy, regular training is provided to increase the information security awareness of all our employees, and our technological infrastructure is continuously improved to ensure information security.

The ErseNet Information Security Policy is aligned with the Personal Data Protection Policy.