eFinans Service Standards

Dear Customer, 

eFinans call center; 0 (850) 250 67 50 is at your service from 09.00 to 18.30 (sundays and holiday excepted).

The problem or demands you submitted will be put in process by our solution teams in 2 work hours following your submittal within workdays and hours stated above; then within 12 work hours at the latest, information will be provided to you and necessary steps to solve the problem will be taken as soon as possible.  

In case your submission is a demand for development, you will be communicated if necessary in order to fulfill it according to our service quality; your demand will be conceptualized as a project and its realization schedule will be shared with you. 

You can follow problems or demands you submitted, using the tracking number sent to your e-mail address that is identified on eFinans following your submission. 

For cases where we cannot provide service because of problems that occur in Revenue Administration systems, we cannot give any warranties regarding the process of addressing or solving such problems that arise from systems not belonging to eFinans. 

Thank you for choosing eFinans for your business. 

INFORMATION SECURITY POLICY 

  •          To manage Information Security Processes and Information Assets that keep, process and use information; to determine security values, needs and risks of assets; to develop and implement controls regarding security risks.
  •          To set forth working principles for processing these risks.
  •          To constantly monitor risks by means of following and examining technological expectations within the scope of services provided.
  •          To fulfill information security demands resulting from governing national or sectoral regulations, meeting the requirements of legal and relevant regulations, fulfilling liabilities arising from agreements, and institutional responsibilities towards internal and external stakeholders.
  •          To reduce the effect of information security risks on business continuity and to provide business continuity.
  •          To ensure that they will have the competence to effectively and quickly intervene potential information security events and to minimize the effects of these events.
  •          To improve institutional reputation; to protect the institution from negative effects that might arise from information security failure.
  •          To develop employee's awareness regarding information security.
  •          To identify information security needs of third parties, customers and suppliers and to ensure that they comply with information security management system.
  •          To ensure protection of personal information.
  •          To determine and monitor goals and controls in order to ensure continuity of Information Security Processes.

Management Support and Review

  •          Executives support ISMS actually by means of activities they organize under ISMS Coordination Team, ISMS Internal Auditor Appointments, ISMS investment, costs and education budgets, and management review activities.
  •          Executives lead the process of reaching ISMS goals by means of complying and promoting compliance with ISMS policies and procedures.
  •          Executives express the significance of information security risk management on reputation of the institution and on continuity of the activities by means of implementing managerial activities and institutional policies. Executives asses the risks at least once in a year, and ensure continuity and sustainability of the system by means of reviewing Information Security Policies.  

ISMS Policies 

Within the scope of REM (Registered Electronic Mail); 

It is prepared according to e-Notification regulation published by Information and Communications Technologies Authority and to article 7/a of Notification Law No: 7201 and dated 11/2/1959. 

Moreover, it enables information management in accordance with TSE 27001 Information Security, BS 10012: 2009 Protection and Management of Personal Information and ISO/IEC 27031:2011 business continuity standards.  

Within the scope of e-Invoice Private Integration; 

It is prepared according to Article 232 of Tax Procedure Law numbered 213 in compliance with General Communique on Tax Procedure Law with Identification number 397 and General Communique on Tax Procedure Law with Identification number 416. 

It provides information security management in compliance with TSE 27001 Information Security Management System, ISO 22301:2012 Social Security Business Continuity Management System, ISO 20000-1:2011 IT Service Management System and ISO/ IEC 24762: 2008 Guide for Information and Communication Technologies Disaster Recovery Services.  

BUSINESS CONTINUITY POLICY  

eFinans has prepared and put plans into practice to ensure continuity of critical business processes and services and to recover its ordinary working order for all business process within planned time in case of any interruption, crisis or disaster. 

Business Continuity Policy comprises application principles stated in ISO 22301 Business Continuity Management Standard, liabilities defined through customer agreements, liabilities arising from Business Partnership Agreements and liabilities arising from law and regulations of Turkish Republic. 

The main purpose of Business Continuity Management Policy is to functionalize critical processes identified with business impact analysis and assets in minimum amount of predetermined time. In line with this purpose, strategies for first intervention and recovery following any kind of interruption will be based upon the items below. 

  •          To protect the personnel and to deal primarily with life safety.
  •          To perform a risk assessment regarding threats and deficits on critical process, component and assets.
  •          To define affected process, component and assets according to risk scenarios.
  •          To increase pace of intervention and to implement effective decision-making process.
  •          To activate processes and operations as quickly as possible.
  •          To manage internal and external communications including communication with media.
  •          To manage risks that might harm brand value and company reputation of Cybersoft and QNB Finansbank.
  •          To manage relations between stakeholders.
  •          To take necessary measures for confidentiality of personal information. 
  •          To undertake constant improvement.

Requirements for providing continuity of critical business processes and services and for recovery of ordinary state of all business processes and services within planned period of time, are indicated through service level agreements signed with supplier companies.  

Training, testing and application programs to establish Business Continuity Management System, to install it into the organizational culture, to increase awareness of employees and to ensure participation in projects are conducted.