Coca-Cola and Contour Bottle are registered trademarks of The Coca-Cola Company - © 2019

Risk Management And Ethics

Information Security and Privacy

 

 

Priority Areas

Information Security

2018 Goals

  • To increase security monitoring capabilities.
  • To add more topics to the awareness program.

Performance in 2018

Information security monitoring systems and additional initiatives (such as 2FA) were implemented across all CCI countries to increase security maturity. Employees were informed about modern information security threats and topics through security awareness training.

Status

Achieved

2019 Goals

  • Implement a «secure-by-design» and «privacy-by-design» approach in product development and lifecycle management for a sustainable security culture.
  • Extend cybersecurity focus to OT/IoT to increase visibility with OT intrusion detection systems and effectively protect production systems in our plants.
  • Implement early and accurate threat detection systems by leveraging advanced deception technologies to ensure post-breach defense, contain cyber attacks, mitigate the damage and thus increase cyber resilience.
  • Challenge CCI’s security maturity and resilience to sophisticated attacks by emulating attackers who use advanced tactics, techniques and procedures.

According to the Global Risk Report by the World Economic Forum, cyber risk is one of the major and rising risks around the globe. To address this challenge and mitigate risks, CCI maintains a robust information security and privacy program with the following key elements to secure its information assets:

Information Security Governance:

CCI runs a company-wide information security governance structure that enables the effective management of potential risks and incorporates security and privacy controls into our information systems and services. The Information Security Steering Committee, which consists of the Executive Committee and the security management team, has acted as the governing body since 2009. CCI has implemented a comprehensive Information Security Management System (ISMS) based on the ISO 27001 ISMS standard to achieve its security objectives. CCI complies with the ISO 27001 standard, was certified in 2016 and completed the surveillance audits in 2017 and 2018.

Security Awareness

CCI has been running a mandatory cybersecurity awareness program for all employees since 2014, thereby promoting cybersecurity awareness across the company. The awareness program reports are submitted to top management to inform them of any risk.

 

This awareness program includes online training, awareness posters on display at CCI workplaces, as well as email notifications on diverse topics such as phishing, travel security, URL security, email security and physical security.

Regulatory Compliance

CCI designed and implemented many initiatives aimed at ensuring compliance with the requirements of:

• Turkish Personal Data Protection Law no. 6698 (KVKK)

• Communiques published by Capital Markets Board of Turkey

• Authorized Economic Operator program of Turkish Ministry of Customs and Trade

• The Law of the Republic of Kazakhstan on Personal Data and Their Protection

Privacy and Data Protection

CCI takes precautionary measures to secure the personal information of its employees and customers. Our IT environment, security measures, policies and cybersecurity awareness program support compliance with the privacy and data protection requirements.

Cyber Risk Insurance

CCI holds cyber risk insurance to mitigate cyber-related security breaches or events. Cyber risk insurance covers the cost of restoring losses in business income or reputation caused by damage to computers and computer networks.

Business Continuity

CCI implements TCCC’s Incident Management and Crisis Resolution (IMCR) program, which is designed to create and maintain an efficient, integrated structure for preventing and managing incidents. Implementation of the IMCR program is a key management activity and is everyone’s responsibility at CCI.

 

To ensure that we prevent or reduce the impact of incidents on our business, we have incident management teams in each country of operation. Each team joins our annual training sessions, and the teams collectively work on simulations of complex incidents.

 

As part of the IMCR program, each country conducts the IMCR Validation program every three years, which aims to create readiness for crisis situations, build awareness, identify gaps and develop action plans for improvements.

 

In 2019, we plan to conduct the IMCR Validation Program in Azerbaijan, Kazakhstan, Kyrgyzstan and Pakistan.


Content & Design Consultancy: ESG Turkey™ Consultancy

             

SUSTAINABILITY REPORT 2018
