ORKA d.o.o. is a software company dedicated to the development, implementation and support of the process and document management system (OWIS). The quality of products and services, as well as information security, are fundamental values ​​and an integral part of the way the Company operates.

In accordance with the context of the organization, the needs and expectations of stakeholders, and the strategic orientation of the Company, ORKA d.o.o. is committed to:

• Implement and continuously improve the quality management system and the information security management system in accordance with the requirements of the ISO 9001 and ISO/IEC 27001 standards.

• Meet all applicable legal, regulatory and contractual requirements, especially in the areas of data protection, information security and business continuity.

• Ensure a high level of product and service quality, focusing on the reliability, functionality, stability and user experience of the OWIS system.

• Protect the information assets of the Company and its clients, ensuring the confidentiality, integrity and availability of information through systematic information security risk management.

• Develop employee awareness of information quality, security and their responsibilities within the IMS, through training, communication and clearly defined roles.

• Encourage continuous improvement of processes, products and services, using the results of measurements, internal audits, management reviews and feedback from stakeholders.

• Contribute to sustainable business, including support for process digitalization and rational use of resources by users, while considering environmental factors and climate change within the business environment.

This policy represents the basis for defining information quality and security objectives, and is accessible and understandable to all employees and relevant stakeholders.

Sarajevo, 10.11.2025.

Director:

________________________

Nihad Salkić