Creditwest Bank, in order to fulfil the information security requirements arising from corporate responsibilities for internal and external stakeholders and the requirements of ISO 27001:2013 Information Security Management System Standard (ISMS), adopts the principles of protecting the personal information, trade secrets and reputation of the bank and their stakeholders and fulfils the national, international and sectoral requirements as well as the relevant legislation and standard requirements, and the obligations arising from the agreements. In this respect Creditwest Bank takes the following actions:

1. Managing and documenting the risks that may arise on the information assets of the bank and their stakeholders, and allocating the necessary resources for this purpose,
2. Protecting the integrity, confidentiality and continuity of information and for that purpose, ensuring accessibility to information assets and environments where information assets are located, within the authorizations set in ISMS standards,
3. Reducing the impact of information security threats on business/service continuity and ensuring business continuity,
4. Ensuring accountability for information security and for that purpose, determining and monitoring the responsibilities and commitments of employees and contractors and taking remedial/corrective measures,
5. Determination and implementation of necessary sanctions in case of information security breach,
6. Providing trainings to improve the competencies of the employees in order to increase their awareness,
7. Creating and keeping track records of all processes regarding the fulfilment of the above-mentioned actions and keeping them ready for inspection,
8. Following and applying up-to-date technologies and innovations in information security,
9. Ensuring the operation, protection and continuous improvement of the above mentioned Information Security Management System Standard processes, and the sustainable Information Security Management System Standard conditions.