We aim to minimize the risk of infringement of owned data, trade secrets, intellectual property, and patents. To this end, we take many precautions, implement strategies, organize measures at all levels, and carry out projects, while effectively managing information technologies and operational processes, to minimize cyber risks and prevent the loss of reputation, revenue, market share, and brand value that may arise from information security risks.
We established a committee for data security and cyber security in 2019, and identified committee members, including senior management. In 2020, Koç Holding Consumer Durables’ President, one of the members of the Board of Directors, was appointed as the Board Member responsible for overseeing Arçelik Global’s cyber security strategy, given his experience in this area and his active involvement in the Information Security Committee. In addition, the Cyber Security Department, operating under the umbrella of Information Technologies, determines Arçelik’s information and cyber risk profile. It also carries out existing risk control strategies and projects to reduce information and cyber risks.
We carry out our information security processes in accordance with the ISO 27001 Information Security Management Certificate, which covers 39% of supply chain, information technologies, human resources, and finance operations. The main activities of our security management system include inspection, risk identification, regulation of action and corrective actions, follow-up of findings, determination of targets and opportunities, follow-up of violations, and updating of relevant legislation documents. To increase security awareness, we share guides and provide periodic information security training to all employees. In addition, we regularly conduct phishing tests on different employees at different times, changing the content of the tests.
We manage product security with 3 different virtual teams, the Red Team, Blue Team, and Purple Team, all of which are within the Cyber Security Technology Team. One of the important issues for our sector is the cyber security of Internet of Things (IoT) products. Arçelik takes part in a working group created by Turkey’s Presidency of Defense Industries. Participating parties come together in several workshops to standardize the IoT cyber security certification criteria for the Turkish market. The cybersecurity tests of our ovens, refrigerators, and washing machines were conducted by an accredited testing laboratory, and further tests will be conducted in the future according to the new certification criteria.
Through the working group created with coordination by the Presidency of Defense Industries to create a cyber security certificate for IoT-based products being sold on the Turkish market, several workshops were organized in 2021 with different companies and associations (e.g., Turkish Electronics Manufacturers Association (TESİD), Electronic Devices Manufacturers Association (ECİD), White Goods Manufacturers’ Association of Turkey (TURKBESD), The Union of Chambers and Commodity Exchanges of Turkey (TOBB)), which led to the determination of the IoT cybersecurity certification criteria for Turkey. Thanks to our effort, we received Silver level approval from IASME (Information Assurance for Small and Medium Enterprises) for UK safety standards (Code of Practice) in 2021.
As of 2020, the Cyber Risks Insurance Policy started to cover cyber risks. The policy covers the period 2021–2022. A comprehensive policy including the risk of business interruption has been approved by reinsurers.
We receive notifications about vulnerability alerts from the e-mail address. After notifications about security concerns are accepted, we provide feedback to the notifier about how much time it will take to solve the problem. After the work is completed, we again contact the notifier and show our appreciation for their efforts on our website.