Quality Certificates

INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

(ISO 27001:2022 & ISO 27701:2019)

Boss Yönetişim Hizmetleri A.Ş. adopts as a fundamental principle, in all activities carried out within the scope of Payroll, Human Resources Management and Consultancy, and Payroll and HR Software, the protection of information assets and personal data, the maintenance of the trust of its customers and relevant stakeholders, and the support of business continuity.

Accordingly, our company establishes, implements, maintains, and continuously improves its processes within the scope of the ISO 27001 Information Security Management System (ISMS) and the ISO 27701 Personal Data Management System (PDMS/PIMS).

As Boss Yönetişim Hizmetleri A.Ş.;

• We commit to protecting the confidentiality, integrity, availability, and privacy of information assets and personal data.
• We conduct our information security and personal data management practices in compliance with all applicable requirements, including applicable legislation (the Law on the Protection of Personal Data No. 6698 (KVKK) and related regulations), customer requirements, and contractual obligations.
• Within the scope of the ISMS and PIMS, we include all business processes carried out by our company, our employees, customers, suppliers and solution partners, and all relevant parties that may be affected by our business outcomes.
• We record all company assets within the scope of the Asset Inventory, classify them, assign ownership; and manage access to information assets based on authorization principles. We keep the asset inventory up to date in line with changing needs and risks.
• We systematically assess information security and personal data risks; determine, implement, and monitor the effectiveness of the necessary controls to reduce risks to acceptable levels.
• In the processing of personal data, we act in accordance with the principles of purpose limitation, data minimization, accuracy, storage limitation, confidentiality, and security.
• In order to manage information security incidents and personal data breaches, we operate an incident management process; and, where necessary, carry out notifications to relevant parties and competent authorities in accordance with applicable legislation and contractual obligations.
• We organize training programs to increase our employees’ awareness of information security and the protection of personal data; clearly define roles and responsibilities and ensure the sustainability of competence.
• In our relationships with third parties, we secure information security and personal data protection requirements through contracts, monitor their implementation, and audit them when necessary.
• We monitor, measure, and analyze the performance of the ISMS and PIMS; regularly evaluate them through internal audits and management review activities, and enhance them through a continuous improvement approach.

The senior management of Boss Yönetişim Hizmetleri A.Ş. ensures the provision of the necessary resources, the establishment of objectives, the management of risks, and the adoption of this policy by all employees for the effective operation of the ISMS and PIMS. This policy provides a framework for the establishment and review of ISMS and PIMS objectives. This policy is a controlled document; it is communicated to all employees, its understanding is ensured, and it is kept appropriately accessible to relevant parties.

OUR CUSTOMER SATISFACTION POLICY

(ISO 10002:2018)

Boss Yönetişim Hizmetleri A.Ş. adopts as a fundamental management approach the enhancement of customer satisfaction and the effective, fair, and systematic handling of customer complaints in accordance with the ISO 10002 standard. Our company commits to the continuous improvement of the customer complaint handling process, its management with a transparent approach, and the preservation of customer trust.

Within this scope, Boss Yönetişim Hizmetleri A.Ş.;

• Accessibility and Transparency: Ensures that our customers can submit their complaints through easy and understandable channels; conducts the processes of receiving, evaluating, and resolving complaints in a transparent manner.
• Impartiality and Fairness: Handles complaints in an impartial, fair, and objective manner; evaluates each application with an equal approach and a sense of responsibility.
• Confidentiality and Information Security: Protects the confidentiality of customer information and complaint records within complaint handling processes; acts in compliance with applicable legislation and rules regarding the protection of personal data.
• Timely Response and Feedback: Evaluates and resolves complaints within defined timeframes and regularly informs the customer throughout the process; adopts a solution-oriented feedback approach as a principle.
• Systematic Approach and Root Cause Analysis: Manages complaints in a consistent and systematic manner; analyzes root causes to prevent recurrence and plans and implements the necessary corrective and improvement actions.
• Employee Competence and Customer-Oriented Culture: Supports all employees in enhancing their customer communication skills and complaint management competencies; encourages the adoption of a customer-oriented approach as part of the corporate culture.
• Monitoring, Measurement, and Continuous Improvement: Regularly monitors and analyzes complaint resolution processes, performance indicators, and process improvement activities, and reviews them for the purpose of continuous improvement.
• Evaluation of Customer Feedback: Our company records, evaluates, and reflects into appropriate improvement initiatives not only complaints but also suggestions, requests, satisfaction notifications, and all other feedback received from customers, with the aim of enhancing customer satisfaction.

The senior management of Boss Yönetişim Hizmetleri A.Ş. ensures the provision of the necessary resources to ensure the effectiveness of the customer complaint handling process, and guarantees that this policy is adopted and implemented by all employees.

OUR QUALITY POLICY

(ISO 9001:2015)

Boss Yönetişim Hizmetleri A.Ş. adopts the Excellence Model approach in all the services it provides and regards quality as a fundamental element of its corporate culture. With the objective of becoming a leading organization in technology and quality by embracing sustainable development as a way of life, it aims to deliver services that provide the highest value to its customers as a reliable and innovative solution partner, and to ensure sustainable customer satisfaction.

Accordingly, as Boss Yönetişim Hizmetleri A.Ş.;

• We strictly comply with all applicable legislation and legal regulations, customer requirements, and contractual obligations; we always prioritize our quality approach and make no compromises on the principles of trust and confidentiality.
• With the awareness that the sustainability of customer satisfaction is directly related to employee satisfaction and competence, we provide our employees with a safe, supportive, and development-encouraging working environment, and continuously carry out training and development activities to enhance their competencies.
• In order to increase operational efficiency, manage costs, and strengthen long-term sustainability, we regularly review our processes, use our resources effectively, and continuously improve our performance.
• We work with our suppliers within a framework of mutual trust and cooperation, and establish sustainable supply relationships that support our quality objectives.
• We systematically and regularly disseminate quality awareness across all our fields of activity; evaluate the effectiveness of all processes affecting our service quality through a risk- and opportunity-based approach, and continuously improve them.
• By continuously enhancing our knowledge, competence, and creativity, we implement effective service models and technologies aligned with customer needs, and continuously improve the effectiveness of our Quality Management System (QMS).

Boss Yönetişim Hizmetleri A.Ş. sets forth through this policy its commitment to compliance with all applicable requirements, to providing a framework for the establishment of quality objectives, and to the continuous improvement of the effectiveness of the QMS. This policy is communicated to all employees, its understanding is ensured, and it is kept accessible to relevant parties.

As employees of Boss Yönetişim Hizmetleri A.Ş.; achieving our objectives of business excellence, total quality management, and zero defects is the shared responsibility of us all.

OUR BUSINESS CONTINUITY POLICY

(ISO 22301:2019)

Boss Yönetişim Hizmetleri A.Ş. commits to establishing, implementing, maintaining, and continuously improving a Business Continuity Management System (BCMS) in accordance with the ISO 22301 standard, in order to ensure service continuity; to sustain its critical activities within targeted timeframes in the event of disasters, crises, or disruptions; and to fulfill its commitments to its customers without interruption.

Our company adopts an integrated business continuity management approach aimed at being prepared for events that may affect our services, minimizing operational, financial, legal, and reputational adverse impacts, ensuring the continuity of critical operations, and safely returning to normal operational conditions after a disruption.

Accordingly, as Boss Yönetişim Hizmetleri A.Ş.;

• We prioritize human life and employee safety under all circumstances; and acknowledge that ensuring the safety of life is the primary objective in emergency situations.
• We identify risks that may affect service continuity, define critical activities and priorities in line with business impact analyses; and carry out the necessary planning and preparations to ensure the sustainability of these activities within targeted timeframes.
• We ensure that business continuity plans to be activated during disruptions and crises are implemented effectively, tested at regular intervals, validated through exercises, kept up to date, and improved based on the results.
• For successful business continuity management, we conduct information and awareness activities to ensure that our employees, suppliers, and business partners are aware of their duties, authorities, and responsibilities, and have the competence to effectively fulfill these responsibilities before, during, and after a disruption.
• Within the scope of business continuity processes, we define roles and responsibilities within the company; ensure that our employees contribute to identifying the causes of disruptions in the operational processes they are involved in, developing preventive measures, and activating business continuity plans effectively and at the right time, and expect them to assume this responsibility.
• We commit to full compliance with all applicable requirements, including legal requirements, customer requirements, and contractual obligations, in the execution of business continuity activities.
• We monitor, measure, and analyze BCMS performance; regularly evaluate the effectiveness of the system through management review and other monitoring mechanisms, and continuously improve it.

The senior management of Boss Yönetişim Hizmetleri A.Ş. ensures the provision of the necessary resources for the effective operation of the Business Continuity Management System, the establishment of objectives, and the adoption of this policy across the organization. This policy provides a framework for the establishment and review of BCMS objectives.

This policy is communicated to all employees, its understanding is ensured, and it is kept appropriately accessible to relevant parties.

OUR INTEGRATED MANAGEMENT SYSTEMS POLICY

(ISO 9001:2015, ISO 10002:2018, ISO 22301:2019, ISO/IEC 27001:2022, ISO/IEC 27701:2019)

As Boss Yönetişim Hizmetleri A.Ş.; we conduct our activities based on quality, trust, and sustainability in the services we provide to our customers. While ensuring the continuity of our services, we prioritize the protection of our information assets and personal data, the enhancement of customer satisfaction, and the continuous improvement of our business processes.

Accordingly, we manage our activities in an integrated manner in compliance with the ISO 9001 Quality Management System, ISO 10002 Customer Satisfaction Management System, ISO 22301 Business Continuity Management System, ISO/IEC 27001 Information Security Management System, and ISO/IEC 27701 Personal Data Management System standards, as well as the requirements of the Law on the Protection of Personal Data No. 6698 (KVKK).

As Boss Yönetişim Hizmetleri A.Ş.;

• We commit to conducting all our activities covering our integrated management systems (Quality, Customer Satisfaction, Business Continuity, Information Security, and Personal Data Management System) in line with this policy.
• In accordance with the principles of quality, security, and sustainability, we provide services at high standards that meet the needs and expectations of customers and relevant interested parties.
• We determine our integrated management system aims and objectives in line with the needs and expectations of relevant interested parties; plan and implement our processes to achieve these objectives and monitor their performance.
• We measure, monitor, analyze, and continuously improve our processes; and implement innovative service models and technologies in our services with a focus on customer satisfaction and continuous development.
• We handle customer feedback, complaints, and requests in an accessible, transparent, impartial, and prompt manner; and aim to enhance customer satisfaction.
• To prevent the recurrence of complaints, we conduct root cause analyses; ensure the sustainability of service quality by implementing corrective and improvement actions, and take actions to eliminate the causes of complaints.
• We always prioritize human life and employee safety in the event of potential crises, disasters, or disruptions.
• In order to ensure the continuity of critical activities, we establish business continuity plans, regularly test them, keep them up to date, and evaluate their effectiveness; and make the necessary improvements based on the results.
• To minimize the operational, financial, legal, and reputational impacts of disruptions, we identify risks, plan the necessary resources, and take proactive measures.
• We protect our information assets and all data in line with the principles of confidentiality, integrity, and availability; and systematically manage information security risks.
• We process personal data (PD/PII) securely within the framework of the Law on the Protection of Personal Data No. 6698 (KVKK) and related legislation; and adopt the protection of privacy as a fundamental principle.
• We operate the necessary processes to prevent and manage personal data breaches; and evaluate and finalize data subjects’ applications and requests in accordance with the relevant procedures.
• We ensure full compliance with all applicable laws, regulations, legislation, contractual obligations, and customer requirements; and conduct our activities in accordance with ethical principles.
• In the event of any conflict between legal compliance processes and integrated management system arrangements, legal legislation shall prevail; and the relevant policies and procedures shall be updated accordingly.
• We support training and development activities to enhance the awareness and competence of our employees; and strengthen participation and team spirit.
• We work in trust-based cooperation with our external providers/suppliers and business partners; and monitor their alignment with integrated management system objectives.
• We take environmental and climate change impacts into consideration; act with a sense of social responsibility, and pay due attention to the use of environmentally friendly and, where possible, recyclable materials in our activities.
• We ensure that this policy is communicated to employees, external stakeholders, and all relevant parties, and aim to increase awareness.
• We evaluate the performance of our integrated management systems through internal audits and management review activities; and improve our systems through a continuous improvement approach.

Our senior management commits to providing the necessary resources to ensure the effectiveness of the integrated management systems, to the establishment of objectives, the review of performance, and continuous improvement.

This policy is adopted and implemented by all our employees and is published in a manner accessible to relevant parties.