1. Purpose:
The purpose of this policy is to clearly define the boundaries of the Information Security Management System (ISMS) implemented by Noya.

2. Scope:
In the event of any information security breach, it is essential that affected services be restored to at least an acceptable minimum operational level. The ISMS covers all managed services. The system must be considered in the creation, management, and updating of all services and business processes.

3. Implementation:
Our ISMS policy is based on the following principles:
-Managing information assets, identifying their security values, needs, and risks; and developing and implementing controls to mitigate information security risks.
-Defining a framework to identify methods for assessing information assets, their values, security needs, vulnerabilities, threats against those assets, and the frequency of such threats.
-Establishing a framework for evaluating the potential impact of threats on the confidentiality, integrity, and availability of information assets.
-Laying out principles for risk treatment and management.
-Continuously monitoring risks by reviewing technological expectations within the scope of the services provided.
-Ensuring compliance with all applicable national and international regulations, legal and statutory requirements, contractual obligations, and corporate responsibilities toward internal and external stakeholders.
-Reducing the impact of information security threats on service continuity and contributing to uninterrupted service delivery.
-Maintaining the capability to respond rapidly to information security incidents, minimizing their impact through effective and competent incident management.