The main theme of the TS EN ISO 27001:2022 Information Security Management System (Information  Security) has been defined as covering the Information Security of GAMA Enerji A.Ş., İçanadolu Doğalgaz Elektrik Üretim ve Ticaret A.Ş., and Kremna Enerji Üretim ve Ticaret A.Ş. in terms of their energy production-related information assets, as well as the supporting industrial and office IT infrastructure, investment, procurement/mergers, business development, construction, and asset management information assets, personnel, and IT infrastructure.

In this context, the objectives of the Information Security Policy are as follows:

• To protect the information assets of GAMA Enerji A.Åž., İçanadolu DoÄŸalgaz Elektrik Ãœretim ve Ticaret A.Åž., and Kremna Enerji Ãœretim ve Ticaret A.Åž. against all kinds of threats, whether internal or external, intentional or unintentional, to ensure the availability of information as required, to comply with legal and regulatory requirements, and to engage in continuous improvement efforts.
• To ensure the continuity of the three fundamental elements of Information  Security in all activities:
• Confidentiality: Prevent unauthorized access to sensitive information.
• Integrity: Ensure and demonstrate the accuracy and completeness of information.
• Availability: Ensure that authorized individuals can access information when needed.
• To safeguard all data, including those stored electronically, in printed, written, verbal, or other similar formats.
• To raise awareness by providing Information Security Management training to all employees.
• To report all existing or suspected security vulnerabilities to the Information  Security  team and ensure their investigation.
• To identify, define, evaluate, control, and monitor relevant risks within the framework of the strategic business plan and risk management framework to establish and maintain the Information  Security.
• To prepare, maintain, test, and review business continuity plans at least once a year.
• To prevent any disputes or conflicts of interest arising from contracts.

GAMA Enerji A.Ş., İçanadolu Doğalgaz Elektrik Üretim ve Ticaret A.Ş., and Kremna Enerji Üretim ve Ticaret A.Ş. are committed to the sustainability of Information  Security (ISO 27001:2022). All employees and designated third parties defined within the Information Security are expected to comply with this policy and the Information  Security that implements this policy.