Emergency State Plan

Information processing systems in the context of emergency and contingency; It refers to the systems that enable intermediary institutions to carry out their activities in a normal manner, transmit and execute customer orders, carry out clearing and custody transactions, keep and track customer accounts, and transfer customer assets and cash.

Responsibility

U.Sinan DİNÇER is responsible for the implementation of the plan and his alternative is Yaşar SARIKAYA. All Strateji Menkul Değerler A.Ş personnel are responsible for the execution of the plan.

Purpose of the Plan

The purpose of this plan, emergencies and unexpected situations; To prevent the company from creating consequences that will adversely affect the normal operation of the company, to ensure that the usual services are continued during and after the emergency and unexpected situation. In the event of natural disasters, which will be evaluated within the scope of emergency and unexpected situations, the priority is to protect the life safety of personnel and customers.

In addition, System Crash, Power Outage, Fire, Earthquake, Sabotage, Air Conditioning Deterioration, Virus Entry into the System, Incorrect data from the Accounting Program used in the Financial, Operations and Clearing Transactions within the System and in which the records are kept, Hacker Attacks to our Website and thus to our Internet Branch are the main causes. constitute risk issues.

With this plan, backup scenarios that will minimally affect the current operation have been created and it is aimed to ensure the continuation of the systems with acceptable data loss prediction. Replications are made in two ways, inside the company and outside the company. Certain periods were determined according to the importance of the server and replication plans were made accordingly. Replication is made to the backup storage and servers within the company, and outside the company, it is made to our private network in Vodafone İzmir Datacenter.

If we take into account the time of the Last Replication and the Commissioning of the Backup System; A maximum of 180 minutes for RPO (Recovery Point Objective) and 120 minutes for RTO (Recovery Time Objective), ie 5 hours in total, is foreseen as a critical process.

General Operation

1) In our company (fireproof data safe), under the supervision of Doğan KAYA, the Information Technologies Department, and Seda KALELİ, the Financial Affairs and Operations Department, regarding financial statements and all kinds of records and valuable papers that we are obliged to keep in accordance with the current legislation, in printed and / or electronic media, external hard drives are kept in disk service in storage and internet environment.

2) Ensuring the continuity of the Information Technologies systems for the uninterrupted continuation of the intermediary institution's activities, taking their backups and keeping the electronic record backups in question for at least 5 years.

3) Regarding the supply and continuity of alternative communication channels with customers, on Information Technologies; Doğan KAYA, on Bonds and Bills; Cell phone numbers of Hülya ÜNLÜ, Feyza TANYEL on Stock Markets, Ufuk GÜCÜK on Derivative Transactions, Seda KALELİ on MKK and Takasbank Operations, Yaşar SARIKAYA on Financial Affairs will be announced on our company's website within the scope of the Emergency Plan. Hakan SAVAŞ and Hüseyin AKDOĞAN are responsible for logistics.

4) With regard to the supply and continuity of alternative communication channels with the intermediary institution and its employees, the home and mobile phone numbers of all the employees of the institution will be available to the personnel.

5) The brokerage house will announce the address of the alternative brokerage house when necessary.

6) In order to minimize the effects of the emergency and unexpected situation on the customer, our institution will publish the telephone numbers and necessary explanations that its customers can reach on the website and inform them via SMS if necessary.

7) When any change is required in the emergency and contingency plan and related procedures, this change will be approved by the board of directors of our company. and any existing contact information, including e-mail address, telephone and fax numbers, is kept by the Board, Borsa İstanbul, Merkezi Kayıt Kuruluşu A.Ş., İstanbul Takas ve Saklama Bankası A.Ş. and other organizations to be determined by the Board.

8) In case the brokerage house decides that it cannot continue to operate, regarding the access of customers to their accounts and the transfer of said accounts to another brokerage house; Money and shares will be transferred to an intermediary institution preferred by the customers. (here it is assumed that Borsa İstanbul, İstanbul Takas ve Saklama Bankası A.Ş, MKK, and banks continue their activities)

Measures Taken Against Possible Problems

a) Power Failure:

Necessary measures have been taken against power cuts. In the event of an interruption, the UPS is activated until the generator starts to run. The generator can handle our electricity for 2 days in its current state. On the other hand, the UPS is connected to the battery group in such a way that it can operate the system by itself for 1 hour despite any generator failure.

b) Internet and Data Line Problems:

2 different internet connections are provided for uninterrupted internet access. Necessary adjustments have been made so that when there is a problem with one of them, the other automatically takes over all the traffic. DDOS protection is obtained from the Internet Operator against DDOS attacks.

Our Borsa İstanbul data line is configured as redundant over Superonline fiber and Turk Telekom adsl. In case one of the lines goes, the traffic flow continues without any interruption on the other line. Istanbul Clearing and Custody Bank and MKK accesses also operate over Borsa Istanbul data lines.

c) Problems That May Occur in Firewall:

Firewall works actively on two different servers with a redundancy. In case of failure of any of the servers, the other server continues to run the firewall program without any problems. Program updates are followed, implemented and, when necessary, support is obtained from institutions specialized in Security Services.

d) Problems That May Occur on Web Servers:

The web server is connected to 3 physical servers with Vmware virtualization software and is kept in the storage unit. In this way, precautions were taken against situations such as hardware failure. Web server software is constantly updated and security vulnerabilities are closed instantly. A server, which is kept as a backup, is also kept ready in such a way that it can be activated in case the web server completely breaks down.

e) Problems That May Occur in Database Servers:

The database servers used are connected to 3 physical servers with Vmware virtualization software and kept in the storage unit. The database server with backup is kept ready in case of any malfunction. In addition, important updates or studies that need to be done about the database are put into use in the real environment after they are successfully carried out in the Test environment.

f) Virus etc. Problems:

All software used against the virus threat is licensed and originally purchased, and no software is allowed to be installed, except for Information Technologies. Antivirus system is available on all machines (servers and workstations). The virus list is automatically updated on a daily basis and is constantly kept up to date. In addition, a different antivirus program on the mail server also deletes the infected files sent by mail without entering the system. URL filtering applications are used to prevent users from accessing harmful sites.

g) Air Conditioning Problems:

In case of air conditioner failure in the system rooms, there are spare air conditioners as the systems will stop working. It is also monitored 24 hours a day with heat and fire detectors.

h) In Case of Fire:

There are fire detectors to control every area of the company. These detectors are connected to the security unit in the building where our company is located. Thanks to these systems, which are monitored 24/7, security units can intervene at the first moment in case of an alarm. There are fire tubes and a fire hose on the floor where our company is located. At the same time, there is an FM-200 gas fire extinguishing system in our critical system room.

i) Environment Monitoring Control:

With the Sensplorer device in the system room; Temperature, humidity, smoke, air pollution, flooding, UPS Electricity, Mains Electricity, Voltage conditions are instantly checked, and certain personnel are informed via SMS and e-mail in case of warning or alarm level. In addition, a camera system is installed throughout the company, including the system room. Retrospective 90-day records can be kept. In this way, it can be controlled remotely.

j) Backup:

Backup; It is classified in two ways as Client and Server data.

Backups of Servers and Clients are backed up to the disk pool opened on the NAS device within the company. Copies of the backups are sent to our special backup area in Vodafone İzmir DC outside the company.

With the VEEAM program, the backups of the servers running on Vmware at certain times (daily, weekly, monthly) covering all data, as well as the continuous Replication of the critical level servers at certain periods, have been defined so that they can be run separately over the backup Storage and Hosts. Our backups and replications to our private network in Vodafone İzmir DC outside the company are made periodically.

---

General Manager: Ufuk Sinan Dinçer usd@strateji.com.tr

---

Internal Control: Fatih Martı fmarti@strateji.com.tr

---

Accounting: Yaşar Sarıkaya y.sarikaya@strateji.com.tr

---

Operation: Seda Kaleli skaleli@strateji.com.tr

---

Information Technologies: Doğan Kaya dkaya@strateji.com.tr

---

Brokerage: Z. Feyza Tanyel ftanyel@strateji.com.tr

---