RISK MANAGEMENT AND ETHICS
Information Security and Privacy
|Priority Areas||2018 Goals||Performance in 2018||Status||2019 Goals|
||Information security monitoring systems and additional initiatives (such as 2FA) were implemented across all CCI countries to increase security maturity. Employees were informed about modern information security threats and topics through security awareness training.
According to the Global Risk Report by the World Economic Forum, cyber risk is one of the major and rising risks around the globe. To address this challenge and mitigate risks, CCI maintains a robust information security and privacy program with the following key elements to secure its information assets:
Information Security Governance:
CCI runs a company-wide information security governance structure that enables the effective management of potential risks and incorporates security and privacy controls into our information systems and services. The Information Security Steering Committee, which consists of the Executive Committee and the security management team, has acted as the governing body since 2009. CCI has implemented a comprehensive Information Security Management System (ISMS) based on the ISO 27001 ISMS standard to achieve its security objectives. CCI complies with the ISO 27001 standard, was certified in 2016, and completed the surveillance audits in 2017 and 2018.
CCI has been running a mandatory cybersecurity awareness program for all employees since 2014, thereby promoting cybersecurity awareness across the company. The awareness program reports are submitted to top management to inform them of any risk.
This awareness program includes online training, awareness posters on display at CCI workplaces, and email notifications on diverse topics such as phishing, travel security, URL security, email security, and physical security.
CCI designed and implemented many initiatives aimed at ensuring compliance with the requirements of:
- Turkish Personal Data Protection Law no. 6698 (KVKK)
- Communiques published by the Capital Markets Board of Turkey
- Authorized Economic Operator program of the Turkish Ministry of Customs and Trade
- The Law of the Republic of Kazakhstan on Personal Data and Their Protection
Privacy and Data Protection
CCI takes precautionary measures to secure the personal information of its employees and customers. Our IT environment, security measures, policies and cyber security awareness program support compliance with the privacy and data protection requirements.
Cyber Risk Insurance
CCI holds cyber risk insurance to mitigate cyber-related security breaches or events. Cyber risk insurance covers the cost of restoring losses of business income or reputation caused by damage to computers and computer networks.
CCI implements TCCC’s Incident Management and Crisis Resolution (IMCR) program, which is designed to create and maintain an efficient, integrated structure for preventing and managing incidents. Implementation of the IMCR program is a key management activity and is everyone’s responsibility at CCI.
To ensure that we prevent or reduce the impact of incidents on our business, we have incident management teams in each country of operation. Each team joins our annual training sessions, and the teams collectively work on simulations of complex incidents.
As part of the IMCR program, each country conducts the IMCR Validation program every three years, which aims to create readiness for crisis situations, build awareness, identify gaps and develop action plans for improvements.
In 2019, we plan to conduct the IMCR Validation Program in Azerbaijan, Kazakhstan, Kyrgyzstan and Pakistan.