Information and PII Security Policy

At Syntonym, we place utmost importance on safeguarding the confidentiality, integrity, and availability of all forms of information and personally identifiable information (PII). Our commitment to information and PII security stems from our understanding of how crucial it is to our sustainable success and good governance practices. We fully acknowledge that any compromise in the security of such information could lead to damage to our reputation and incurring financial losses.

This policy serves as a comprehensive guide that encapsulates Syntonym's approach and commitment to managing Information Security and Privacy. It sets forth the guiding principles, responsibilities, and strategies needed to secure our information systems and protect the PII entrusted to us.

‍

Syntonym’s management team is committed to the thorough implementation of the Information Security Management System. This includes its installation, realization, operation, monitoring, review, maintenance, and continuous improvement, all of which are aligned with the stringent requirements of the TS ISO/IEC 27001 Standard. Additionally, we also implement the Privacy Information Management System, which is in accordance with the TS ISO/IEC 27701 Standard. This dual commitment allows us to ensure the confidentiality, integrity, and accessibility of the information and PII we are obliged to protect.

‍

In conducting our AI engineering, R&D, and commercial activities, we make the following commitments:

• We commit to staying updated with the current cyber threats related to our operations, adhering strictly to the conditions and legal requirements set forth in our contracts. Our vigilance contributes to the maintenance of a secure operational environment.
• We pledge to ensure that our activities are conducted effectively, accurately, promptly, and securely. This commitment extends to meeting and exceeding the standards required by our industry.
• We promise to carry out our activities with a deep awareness of the risks associated with confidentiality, availability, and integrity when accessing both corporate and personal information assets. This includes those assets belonging to our company, customers, employees, suppliers, and business partners.
• We strive to create a corporate culture that values information security and protection of personal data. We work towards embedding the principles of the information security management system, privacy information management system, and information security awareness in all aspects of our operations.
• We guarantee to prepare, implement, and test necessary plans to ensure business continuity and service continuity. This commitment ensures that our operations remain uninterrupted and our services consistently meet the expectations of our clients.
• We pledge to assess and manage risks to our information assets, including PII and processes, in accordance with recognized risk management methodologies. This ensures we maintain a proactive stance in managing risks and preventing potential data breaches.

Finally, we remain dedicated to all our stakeholders. We commit to maintaining open lines of communication with special interest groups, allowing us to benefit from developing technologies and expertise in our sector. By doing so, we can continue to provide top-tier products and services, while maintaining the highest levels of information and personal data security.

‍

AIMS (Artificial Intelligence Management System) Policy

1. Purpose

This policy establishes the foundation of Syntonym's Artificial Intelligence Management System (AIMS), ensuring that the development, deployment, and maintenance of AI systems are conducted in a responsible, ethical, and transparent manner. It supports the organisation’s mission to deliver high-performance, human-centred, and trustworthy AI technologies with a focus on mobility, minimal computational load, and hyper-realistic outcomes.

‍

2. Scope

This policy applies to all AI-related activities, products, services, and business functions of Syntonym in both London and Istanbul operations. It is relevant to all employees, contractors, and stakeholders involved in AI system lifecycle stages including design, development, training, validation, deployment, and monitoring.

‍

3. Objectives

• Ensure AI systems align with applicable legal, ethical, and technical standards.
• Embed responsible AI principles such as transparency, accountability, privacy, and human oversight.
• Integrate AIMS into organisational processes and culture.
• Continuously improve AI practices based on risk assessments and stakeholder feedback.
• Protect human rights and avoid unintended harms from AI use.

‍

4. Governance & Responsibility

Syntonym has established an AI Governance Committee responsible for overseeing the effectiveness of AIMS. This committee includes representatives from senior management, data science, information security, legal, and compliance teams.

The committee’s responsibilities include:

• Approving AI strategy, risk treatment plans, and ethical standards
• Reviewing the impact assessments of AI projects.
• Ensuring AI risks are identified, evaluated, and managed.
• Facilitating communication and awareness across the organisation regarding AI use.

‍

5. Ethical Principles and Risk Management

Syntonym is committed to building AI systems that are:

• Lawful – complying with applicable laws, regulations, and contractual obligations.
• Ethical – respecting human autonomy, preventing harm, and promoting fairness.
• Robust – secure, reliable, and resilient throughout their lifecycle.

Risk-based thinking is integral to the AIMS. All AI systems undergo a structured impact assessment considering:

• Data privacy and protection.
• Bias, discrimination, and fairness.
• Explainability and transparency.
• Operational reliability and security.
• Potential misuse or unintended outcomes.

Mitigation actions are defined and monitored throughout the system lifecycle.

‍

6. Stakeholder Engagement

Syntonym ensures that stakeholders (users, customers, regulators, etc.) are informed and consulted appropriately. Feedback loops are integrated to ensure continuous refinement of AI systems.

‍

7. Competence and Awareness

Syntonym provides regular training and awareness programmes for all personnel involved in AI activities. These programmes cover responsible AI principles, compliance requirements, risk awareness, and technical updates.

‍

8. Continuous Improvement

The AIMS is subject to continuous monitoring, evaluation, and improvement. Syntonym sets measurable objectives and key results (OKRs) for AI performance, risk reduction, and compliance. Internal audits and management reviews are carried out regularly to ensure the system remains effective and up-to-date.

‍

9. Policy Review and Updates

This policy shall be reviewed at least annually or when significant changes occur in the regulatory landscape, company strategy, or AI technologies in use.

‍

‍