While risk management is overseen by the RiskIdentification Committee that works under the Board of Directors, the Enterprise Risk Management(ERM) Team works directly under the CEO and theCommittee for the Early Detection of Risk and playsa facilitating role. It is also responsible for carrying out risk assessments. The members of the ERM team are the CEO, Strategy and Business DevelopmentDirector, and Regional Directors.
Using inputs from the World Economic Forum, global questionnaires and the Coca-Cola System, the ERM conducts country- and group-level risk assessments.Risks are prioritized according to their general likelihood of occurrence, their possibility of occurring in the short run, and their potential impact.
CCI Country General Managers are responsible for risk management and mitigation. Country GeneralManagers identify priority threats and improvement opportunities according to the results of risk assessments, integrate these into Strategic BusinessPlans, and prepare risk mitigation action plans.High-priority risks are communicated to the Board of Directors Committee for the Early Detection of Risk. The results of internal inspections carried out to monitor risk mitigating plans are communicated to the Audit Committee.
CCI implements the Incident Management and Crisis Resolution (IMCR)program prepared by TCCC for the purpose of creating and maintaining an efficient and integrated structure for preventing and managing incidents.The implementation of the IMCR program is a fundamental management activity, and everyone at CCI is responsible for implementing this program.We have incident management teams in all countries of operation to prevent or mitigate the impact of incidents on our operations. Each team attends annual training meetings, at which they work on complex incident simulations. Within the scope of the IMCR program, each country conducts the IMCR Verification Program once every three years to prepare for crisis situations, raise awareness, identify shortcomings, and develop action plans for improvements.
The IMCR Verification Program was conducted inAzerbaijan, Kazakhstan, Kyrgyzstan and Pakistan in 2019. We trained crisisteams in Jordan and Iraq in 2020 and completed the verification program.Crisis management teams became part of our way of conducting our dailybusiness during the Covid-19 pandemic. In addition to prioritizing employees’health and safety, we took each managerial step carefully and diligentlywithin the framework of pandemic conditions to maintain our productionand distribution operations without interruption within the framework of ourresponsibility towards the community.
Data Security and Confidentiality
According to the WEF Global Risk Report, data fraud or theft, cyber-attacks, and the collapse of information infrastructure are among the top-10 global risks in terms of their likelihood and potential impact. At the same time, according to a Post-Covid-19 Challenges and Opportunities Report published by the WEF, the increase in global online communication, together with the Covid-19 pandemic, has the potential to bring with it important cyber-security problems. To address these challenges and mitigate the risks, CCI has a strong data security and confidentiality program with the following basic elements to secure its own information assets.
Information Security Management
CCI implements a company-wide information security management structure that ensures the effective management of potential risks and includes security and confidentiality checks of our information systems and services. The Information Security Steering Committee, consisting of the Executive Committee and the security management team, has been acting as a management organ since 2009. In order to attain its security targets, CCI implements a comprehensive Information Security Management System (ISMS) in accordance with the ISO 27001 ISMS standard. CCI obtained its ISO 27001 certificate in 2016 and has completed its security inspection every year since 2016, including 2020.
Since 2014, CCI has implemented a mandatory cyber-security awareness program for all its employees, by which it supports cyber-security awareness throughout the company. Reports of the awareness program are submitted to senior management to inform them of risks. This awareness program includes online and offline training, awareness-raising posters placed in announcement areas at CCI workplaces and corporate social network groups, and email notifications on various topics, such as phishing, travel security, URL security, email security and physical security. Also, cyber-security competitions in which prizes are given to the most active employees are organized.
Confidentiality and Protection of Data
CCI takes precautionary measures to ensure the security of the personal information of its employees and customers. Our BT environment, security measures, policies, and cyber-security awareness program promote compliance with confidentiality and data-protection requirements. CCI has achieved compliance with legislation by meeting legal requirements on the Protection of Personal Data in Turkey, and is registered with the VERBİS system. In order to keep up with new regulatory developments and maintain general compliance, the Data Protection and Digital Confidentiality Committee meets regularly and conducts spot checks for the purpose of maintaining data protection awareness, communicating the results of these spot checks to senior management.
CCI has designed and implemented numerous initiatives to ensure compliance with the following regulatory requirements:
• Law No. 6698 on the Protection of Personal Data (KVKK) and resolutions issued by the Personal Data Protection Board
• Communiques issued by the Capital Market Board
• Compliance with the Regulation on Commercial Communication and Commercial Electronic Messages under the Law on
the Regulation of Electronic Commerce, and meeting the requirement to register with the Message Management System
• Authorized Economic Operator program under the Ministry of Customs and Trade
You can check the table by dragging to right
You can check the table by dragging to right