MANAGEMENT COMMITMENT INFORMATION SECURITY

SunExpress Executive Management is committed to ensuring that the confıdentiality, integrity, and availability of information is assured. This includes customer, colleague, shareholder, and corporate data in all forms, both electronic and physical, that is processed, transferred or stored by the company or contracted third parties.

Compliance with relevant regulations and adhering to good practice in managing information and cyber security is among the top priorities of SunExpress Executive Management. To this end, an lnformation Security Management System (ISMS) based on ISO27001 has been established within SunExpress. it is the intent of Executive Management that SunExpress attains and maintains latest version of ISO/IEC 27001 certifıcation in recognition of SunExpress business, colleague, and management commitment to information security.

The following principles are accepted by SunExpress Executive Management as requirements for ensuring the robust management of information security across the whole organization;

• The adoption ofa risk-based approach as part ofa risk aware culture that seeks to identify threats to information assets and the remediation of control weaknesses or gaps.
• The use of internationally recognised standards and frameworks in reinforcing information security practice.
• The obligation to ensure that third parties and vendors with whom business relationships are established are equally committed to information security.
• The need to perform periodic assurance activities including health-checks, assessments, audits and control validation to ensure SunExpress information security provisions are
• The protection of all employees who provide information regarding security violations and

lnformation Security is everyone's responsibility at SunExpress and all employees are bound by lnformation Security Policies and Procedures.

January 2023

Max Kownatzki

CEO

Tuncay Eminoğlu

Deputy CEO