Information Technology Policy

1. Purpose

Safe Solid Certification Services Ltd. (“Company”) is committed to establishing acceptable use rules for all technology resources. These resources include, without limitation, the following equipment:

• Computers (laptops, desktops, mobile devices, servers, etc.)
• Network equipment (routers, wireless devices, fiber optic lines, etc.)
• Audio/visual equipment (cameras, projectors, security cameras, scanners, printers, etc.)
• Software (operating systems, application software, etc.)
• Information assets (storage solutions, web servers, email and social media accounts, etc.)

This policy applies to all employees, contract staff, contractors and subcontractors of the Company, including third parties. All devices owned or leased by the Company fall within the scope of this policy.

While the Company affords a reasonable degree of autonomy and privacy, users must acknowledge that all hardware, network infrastructure and software applications are Company property and shall be used strictly for official purposes. All data must be handled accordingly and protected against unauthorized access.

2. Acceptable Use

The following activities set out the general rules for acceptable use of Company resources:

• All passwords used to access Company systems shall be stored securely and protected against unauthorized access.
• User accounts shall never be shared. Each user is fully responsible for activities conducted through their own account.
• Personally identifiable information shall not be transferred to external storage media or cloud services.
• All computers connected to the Company network shall be protected by up-to-date anti-virus software.
• Email attachments from unknown senders shall not be opened.
• All official correspondence shall be executed through Company email accounts.
• Social media platforms or chat applications shall not be used within the scope of business processes.

3. Prohibited Activities

Under no circumstances may Company personnel engage in activities that violate local or international laws. The following actions are strictly prohibited:

• Breaching copyright or intellectual property rights (including the use or distribution of unlicensed software).
• Copying or distributing copyrighted materials without authorization.
• Exporting software, technical knowledge or encryption technologies without permission.
• Introducing malicious software or harmful code into Company systems.
• Sharing account passwords or permitting others to use them.
• Transmitting inappropriate or harassing content within the workplace.
• Submitting fraudulent or misleading offers while using Company accounts.
• Attempting to access data or systems without authorization.
• Conducting unauthorized network monitoring or disabling security controls.
• Circumventing authentication mechanisms or firewalls.
• Sending unsolicited email (spam) or harassing communications.
• Modifying or falsifying email header information without authorization.

4. Password Security

Password security is critical to the integrity of information systems. Users shall comply with the following rules:

• Passwords shall not be based on easily guessable or personal information.
• Commonly used weak passwords shall be avoided.
• Passwords shall not be reused.
• Passwords shall not be stored in plain text, whether physically or digitally.
• Only approved password management software provided by the IT administrator shall be used.
• Passwords shall be memorised and never shared.
• A distinct password shall be used for each system or application.

Password policies are reviewed regularly and personnel receive periodic security awareness training.

Ba�ak ERDEM
General Manager

In the event of any legal dispute, the Turkish version of this document shall prevail.