Quality Certificates

INFORMATION SECURITY MANAGEMENT SYSTEM POLICY

The main theme of ISO 27001 Information Security Management System is to show that the information security is ensured in the coverage of the Payroll, HR Management and Consultancy, Personnel Hiring, Payroll and HR Software which are carried out within BOSS YÖNETİŞİM HİZMETLERİ A.Ş. (BOSS GOVERNANCE SERVICE INC.) to secure the risk management, to measure the information security and privacy process performance and to ensure the arrangement of the relationships with the third parties.

The applications relating to information security and privacy concern all of the parties that are affected by all of our work processes, employees, customers, solution partners, suppliers and the consequences of the works which we perform by means of complying with the obligations arising from the agreements and the work obligations, by means of working in coherence with the applications, laws and regulations relating to information security.

All of the assets which belong to our company are shown in the Asset Inventory. The Asset Inventory may change in the frame of the changes and developments which occur in the course of time. The information security and privacy applications are an inevitable dimension of all of the activities realized and reviewed once in a year.

The continuity of three fundamental elements of the information security management system will be ensured in all of the activities carried out.

• Confidentiality: Preventing the unauthorized accesses to the important information.
• Integrity: Showing that the accuracy and integrity of the information are ensured.
• Accessibility: Showing the accessibility to the information under necessary cases by the authorized persons, related system standards, are related with the security of all of the data in written, printed, oral and similar environments but not the data which are kept in electronic environment only.

CUSTOMER COMPLAINTS AND SATISFACTION POLICY

By means of operating the process of taking up to the customer complaints effectively, BOSS YÖNETİŞİM HİZMETLERİ A.Ş. (BOSS GOVERNANCE SERVICE INC.) targets;

• To make the undertaking of taking up the complaint carefully, with the process of taking up the complaint transparently and responsibly through which it could reach our company easily at any moment of complaint,
• To increase and make sustainable the capability of our company to solve the complaints in a constant, systematic and responsible manner and satisfying the complainant and the corporation,
• To increase the capability of our company to eliminate the tendencies, identification and reason of the complaints and to improve the quality of the service provided,
• To develop a customer-focused approach in solving the complaints which reach our company and in order to encourage the employees of BOSS YÖNETİŞİM HİZMETLERİ A.Ş. (BOSS GOVERNANCE SERVICE INC.) on the subject of improvement of their capabilities in working with the customer,
• To provide a sound foundation in order to review continuously and analyze the solution of the customer complaints and the process improvements performed.

QUALITY POLICY

Boss Yönetişim Hizmetleri A.Ş. adopts the Excellence Model approach in its services. Our goal as a corporation committed to continuous development as a lifestyle and leading in technology and quality is to offer the services that will bring utmost benefit to our customers as the best solution partner, and to ensure the sustainable customer satisfaction.

Our Main Objectives:

• Rigorously abiding by the laws and legal arrangements, to keep the quality service understanding at the forefront at all times, to make no concessions on the principles of trust and privacy, to be aware that the way to satisfying our customers passes through happiness and satisfaction of our employees.
• Providing the best working environment to our employees, to promote continuous development with trainings, and to reduce our costs, to increase our efficiency and longterm profitability, to secure our future, to work in mutual cooperation and trust with our suppliers.
• To ensure the quality awareness in all activity sites and service units in systematic and regular way, to adopt the total quality management as a lifestyle, and to improve effectiveness of all the processes that influence our service quality continuously.
• Continuously developing our knowledge and creativity for customer satisfaction, to put forth effective service models and technologies.

Realizing the business excellence and our zero error targets through Total Quality Management is the duty of all of us as the employees of Boss Yönetişim Hizmetleri A.Ş..

BUSINESS CONTINUITY MANAGEMENT SYSTEM POLICY

Boss Yönetişim Hizmetleri A.Ş aims the conformity with the requirements regarding establishment of an effective Business Continuity Management System and continuous improvement in accordance with the international standard ISO 22301.

A holistic business continuity management structure is in place at BOSS for taking effective measures in disaster, crisis or interruption situations, minimizing the operational, financial, legal and reputational negative effects, ensuring continuance of the operations which have been identified to be critical in the targeted timeframe, and reverting to the state before the crisis.

In case the events which may interrupt our services are at such extent that would endanger human life, protecting human life is of paramount importance and priority for our company.

For a successful business continuity management, all our employees, suppliers and business partners should be aware of the duties and responsibilities falling to them, implement these before and during the event, and be prepared to such events.

Responsibilities have been defined within the company for establishment and implementation of the business continuity planning and management system. The company employees are the main responsibility holders in determination of the business interruptions involving the operational processes the are part of, takin measures, and putting into effect the business continuity plan that has been created in advance also with their contributions when necessary, at the right time and free of error.

Boss Yönetişim Hizmetleri A.Ş. undertakes that the practices concerning Business Continuity and Information Security are realized, continuously developed, in conformity with all the legal requirements, reviewed, and continuously improved.

INTEGRATED MANAGEMENT SYSTEM POLICY

1. PURPOSE

The primary purpose of this policy is to establish the principles regarding the methods and processes required by the Integrated Management System (TS ISO/IEC 9001-27001-27701-22301-10002).

Customer Orientation: We provide high-quality, innovative, and tailored solutions to streamline companies' business processes and enhance their performance.

Technology and Innovation: We develop advanced technologies and support digitalization and efficiency in processes to meet the rapidly changing needs of the business world.

Social Responsibility: As a company sensitive to society and the environment, we integrate the principles of sustainable development into our business models and add value to the future with community-focused projects.

Team Spirit: We foster a corporate culture that supports the development of our employees, encourages innovative thinking, and prioritizes teamwork.

Trust and Transparency: We are committed to building long-term business partnerships based on mutual trust with our customers, without compromising ethical values in all our business processes.

As CottGroup, our goal is to lead the sustainable growth of the business world by offering innovative, reliable, and integrated solutions at global standards. As a leading brand in technology, consulting, and outsourcing services, we aim to ease our clients’ operational burdens while supporting their strategic objectives. With our high ethical values, environmental awareness, and commitment to continuous improvement, we aspire to be a solution partner that makes a difference in the business world.

Professionalism: We prioritize expertise and quality in every service we offer to our clients.

Innovation: We continuously develop innovations to adapt to the changing business world.

Sustainability: We adopt a sustainability approach in business processes, taking into account our environmental and social responsibilities.

Excellence: We strive to achieve excellence standards in all our services.

As CottGroup, we aim to address not only the current needs of the business world but also the challenges of the future. We work toward sustainable success with our locally and globally impactful services.

Confidentiality: Preventing unauthorized access to information and information assets.

Integrity: Ensuring and demonstrating the accuracy and completeness of information.

Accessibility: Ensuring authorized individuals can access information as needed.

2. RESPONSIBILITY

All our personnel are responsible.

3. APPLICATION

This Policy applies to all integrated management activities related to the Company's Legal Compliance and Quality Management System, Information Security Management System, Personal Data Management System, Business Continuity Management System, and Information Technology Service Management, and it is implemented in these activities.

1. I. Ensuring the security of personal, customer, and corporate information at the highest level by meeting the objectives and expectations of the Integrated Management System.
2. II. Operating in compliance with all applicable laws, regulations, and international standards relevant to its activities.
3. III. Promoting employee, supplier, partner, and customer satisfaction while maintaining sensitivity to the environment and climate change, with an emphasis on social responsibility.
4. IV. Continuously improving to meet the needs and expectations of the Integrated Management System by maintaining the highest standards for Quality, Information Security, Personal Data Security, Business Continuity, and Information Technologies in business processes.
5. V. Announcing this policy to all relevant internal and external parties to ensure awareness of the policies.
6. VI. Defining the framework for identifying personal data, information assets, values, security needs, vulnerabilities, threats to assets, and the frequency of those threats.
7. VII. Providing financial and personnel resources to manage risks and identify opportunities.
8. VIII. Using environmentally friendly and recyclable products in its activities whenever possible.
9. IX. Ensuring compliance between legal regulations and the Integrated Management System (IMS), updating policies and procedures to align with applicable laws and regulations in case of discrepancies.
10. X. Continuously enhancing knowledge and creativity to deliver effective service models and technologies that ensure customer satisfaction and development.
11. XI. Systematically managing complaints and resolving them in a manner that satisfies the complainant, while ensuring consistent and effective handling of grievances.
12. XII. Enhancing the capability to identify and eliminate the causes of complaints, improving the quality of services offered.
13. XIII. Minimizing operational, financial, legal, and reputational impacts in cases of disasters, crises, or interruptions, ensuring the continuity of critical operations within the targeted timeframe, and maintaining a comprehensive business continuity management structure to restore pre-crisis operations.
14. XIV. Prioritizing human life in cases where incidents threatening service continuity also endanger lives, making the protection of human life the foremost priority.
15. XV. Complying with legal requirements, relevant legislation, and contractual obligations, ensuring alignment with the requirements of the Integrated Management System.

As Boss Yönetişim Hizmetleri A.Ş., we pledge to act in accordance with this Policy and the procedures implemented under it. Changes to regulations concerning Quality, Information Security, Personal Data Security, and Business Continuity may be made with the approval of the board of directors.