Information Security Policy

Aim

The purpose of this document, all COORBİZ DANIŞMANLIK A.Ş. (the “Company”) to define the information assets of the Company and the appropriate usage principles, to prevent possible information security risks and problems.

Application

COORBIZ CONSULTING INC. Within the scope of our policies for evaluation, selection and management services of sales teams;

To ensure that the activities carried out are carried out effectively, accurately, quickly and safely,
To comply with all customer conditions and legal obligations,
To be aware of the risks on the confidentiality, accessibility and integrity of all kinds of information assets belonging to our company, our customers, suppliers and business partners and to manage these risks.
To create high awareness in information security and full participation in the concept of information security throughout the company with continuity in training and consultancy,
To make it a structure that constantly improves, develops and does not allow the emergence of new risks by systematically addressing information security.

we are committed.

Internet Usage

Company information of confidential and confidential nature cannot be placed on messaging sites, social media environments, mailing lists or newsgroups on the Internet.

Except in cases authorized by the Company, no disclosures can be made about the Company to media outlets and members of the press.
In accordance with the Law No. 5651 on the Regulation of Broadcasts Made on the Internet and Fighting Against Crimes Committed Through These Broadcasts; The company keeps the specified internet access information regarding the services it provides for a period of not less than six months and no more than two years, and ensures the accuracy, integrity and confidentiality of this information.

Monitoring, Retention and Filtering

All users agree that e-mail and all communications and their use are the property of the Company and may be retained, recorded and reviewed at any time by authorized Company users to ensure and control compliance with Company security policies.

Use of computer

Users are obliged to show due care and sensitivity to the computer equipment supplied by the Company and the software on them. Personnel are also responsible for ensuring that this equipment is in good condition and available upon request. The User shall not upload any information and/or documents in the nature of personal data and/or sensitive personal data to computers allocated to him for business purposes.
Users cannot use uncontrolled internet connections that may be infected by malicious software such as viruses. All responsibility for damages that may arise as a result of using free/paid links open to the public rests with the Company personnel.

Password Usage

All access to data on personal computers is protected by user-specific personal passwords in accordance with the authorizations granted by the Company.
The User agrees that he will not reveal his password to any person inside or outside the Company, and will not attempt to obtain the personal passwords of other Company users, and will immediately notify the relevant units of any security breach, suspicious transaction and similar risks.
The relevant user is responsible for all transactions made with the personal passwords given to the user, and all damages that may occur due to these transactions are paid by the user without any objection.

Software Installation

Users should be careful not to install any software that is not properly licensed, unsuitable for business purposes, or in doubt in its functionality.

Printer Usage

Company users can print the documents required to complete their own work.

Fixed and Mobile Phone Usage

Company users will never leave corporate confidential information on a person’s answering machine or voice mail. Ensures the security of mobile phones.

Intellectual property

Whether for business or personal use; Taking unauthorized and unapproved copies of proprietary software or in-house developed software, installing software obtained from outside the company without authorization and written approval, even if I have the right to access it, and using software other than those specified as standard means violating company policies.

Company-owned or leased, etc. licensed hardware, software, version, renewal, etc. information, documents, materials and documents license agreements are used by the user in accordance with the company rules, otherwise all losses incurred and to be incurred by the Company and the licensing companies are paid by the user.

Access and Protection of Personal and Private Personal Data

The user shall process, store, share and transfer personal and special quality personal data that he/she processes on behalf of the Company holding the title of data controller pursuant to the KVKK and that he/she can access within the scope of his/her authority in accordance with the KVKK and the general or special authorizations of the Company management. knows that the Company will not share personal data with third parties for any reason, except for users with access authorization.

The user shall protect the personal data he/she processes with the protection methods determined by the Company management in accordance with their qualifications, and take all kinds of administrative and technical measures in order to prevent the unlawful processing of personal data and unlawful access to personal data, and to ensure the preservation of personal data. The user knows that he/she is responsible for all administrative, legal and penal liability arising from not taking the necessary measures, and all administrative sanctions that may be applied to the Company in case of violating the provisions of the KVKK, and all legal and penal demands that the Company users, the administration or third parties may bring against the Company. .

In addition, the user knows that the personal and sensitive personal data of the persons concerned, as well as all the information obtained in this Company, will be kept confidential after the end of the employment contract, that he will not disclose it to anyone, and that in case of his contrary behavior, all legal remedies will be taken against him.

Obligations

Avoiding transactions that will prevent or make it difficult for other users of the Company to make effective use of available resources; especially not to cause unnecessary network traffic,
Not sending mass messages on matters other than business,
To comply with the security rules created to protect computer systems against viruses, malicious software and hacker attacks and not to prevent the operation of Anti-Virus and similar protective software installed on the systems,
To respect the rules of other networks that can be accessed through the Company’s existing connections,
To comply with the license agreements of the software used in the Company,
To comply with current laws, statutes and regulations regarding communication,
Not to waste the Company’s other technological opportunities,
To prevent the individual message quota by deleting/archiving unnecessary messages,
Not to reveal their passwords to any person inside or outside the Company, not to make any attempt to obtain the personal passwords of other Company users and the passwords of shared servers,
Not to use the hardware and software that are not owned by the company without permission and not to let them into the company offices,
To protect the information on portable devices (Laptop, Handheld Terminal, Tablet, External Disk, etc.) in accordance with the relevant policies and to protect it from unauthorized access,
Personal computer, screen and keyboard and/or laptop computer, handheld computer, portable disk, telephone, etc., which have been embezzled to the user during the period employed in the Company. to return the hardware and equipment to the relevant process owners when the employment contract is terminated / terminated or left the job for any reason,
After completing the printer usage process, checking whether there are any documents left in the machine and thus ensuring the security of personal data belonging to third parties such as customers.