INFORMATION SECURITY AND PERSONAL DATA MANAGEMENT SYSTEM CHANGE MANAGEMENT POLICY

RUNIBEX TECHNOLOGY GROUP Information Security and Personal Data Management System Change Management Policy

We commit to:

  • Documenting the authorized personnel and their level of authority for making changes in information systems,
  • Establishing and maintaining an up-to-date software and hardware inventory,
  • Identifying all systems and applications that will be affected before making any changes to a system,
  • Obtaining approval from the System Support Manager before implementing any changes,
  • Creating configuration documents for all systems and ensuring that any modifications are updated in these documents to facilitate corporate change management and monitoring,
  • Conducting an assessment of potential issues and rollback plans before implementing planned changes and obtaining approval from the relevant managers,
  • Periodically reviewing the impact of technological changes on the organization’s systems,
  • Establishing and operating a request management system to manage change processes,
  • Allowing emergency changes (e.g., failure corrections, incident response, etc.) to be implemented immediately while completing the change control process retrospectively,
  • Ensuring that management takes the necessary actions in case of any violation of this policy,
  • Ensuring that management facilitates the communication and accessibility of this policy while enhancing information security awareness among employees and all stakeholders.

                                                                                                                          

Fatih OZBAGRIACIK
                                                                                                                                General Manager