INFORMATION SECURITY POLICY

As a technology company developing artificial intelligence-supported solutions in the field of dental radiology, CRANIOCATCH MEDICAL AND DENTAL INFORMATION TECHNOLOGIES INC. considers the protection of the highly sensitive information assets in its field of activity to be its primary responsibility. It undertakes to protect all information assets contained in its critical systems in accordance with the principles of confidentiality, integrity, and availability; to work in full compliance with national legislation, international standards, and contractual obligations within the framework of information security; and to establish, manage, maintain, and continuously improve an Information Security Management System (ISMS) based on a risk-based approach and in line with the company’s purpose.

Accordingly, our company's objectives for ensuring information security are listed below:

1. Protection of Information Assets

  • To protect the Company's information assets against any internal or external, intentional or unintentional threats.
  • To ensure the integrity and accuracy of datasets used, processed, or produced in our artificial intelligence systems.
  • To ensure accessibility to information as required by business processes, to meet legal regulatory requirements, and to carry out continuous improvement efforts.
  • To protect the information assets provided for use against unauthorized or unauthenticated access, use, modification, disclosure, destruction, transfer, and damage, in accordance with the fundamental elements of information security: confidentiality, integrity, and availability.
  • To ensure the security of all data, not only in electronic environments but also in written, printed, verbal, and similar environments.

2. Protection of Personal Data

  • To ensure the processing of personal data in accordance with Law No. 6698, secondary regulations, and the European Union General Data Protection Regulation (GDPR).
  • To undertake the necessary efforts to ensure the privacy and confidentiality of all individuals' data in accordance with the legislation.
  • To implement and keep updated technical and administrative measures such as anonymization, encryption, and access control.
  • To provide Information Security Management and Personal Data Protection Law (KVKK) training to all employees to raise awareness.

3. Artificial Intelligence and Digital System Security

  • To ensure the security of datasets used to train artificial intelligence algorithms and to guarantee the traceability of the operations performed on these data.
  • To regularly perform cybersecurity tests (e.g., penetration tests) of digital components in our products.
  • To follow the principle of “security by design” in software development processes.

4. Risk Management and Incident Response

  • To evaluate all actual or suspected vulnerabilities affecting information security within the scope of information security incident management, and to ensure that existing controls are updated or new controls are implemented as soon as possible based on these evaluations.
  • To carry out risk assessments for all information assets and to determine special control measures for critical assets based on the identified risks.
  • To effectively detect suspicious situations targeting information security, activate incident response plans, and conduct root cause analyses after the incident.
  • To establish disciplinary procedures and reporting mechanisms against violations.

5. Business Continuity and Disaster Recovery

  • To prepare, maintain, and test business continuity plans.
  • To create, test, and constantly update plans for threats that may interrupt business continuity.
  • To implement data backup strategies and make security agreements for outsourced systems under disaster recovery scenarios.

6. Training, Awareness, and Compliance

  • To ensure that Company personnel approach information security consciously, fulfill their duties in their areas of responsibility, and pay the utmost attention to the published policies, procedures, instructions, and announcements.
  • To provide regular training on information security, KVKK, ethics, and artificial intelligence security to Company Personnel for this purpose.

In addition to the above, our Company aims to evaluate our Information Security Management System through internal and external audits, to update our policies in line with evolving technology, new legal requirements, and sectoral risks, and to ensure continuous improvement of the Information Security Management System.

Chairman of the Board

İbrahim Şevki BAYRAKDAR

15.04.2024

 