Confidentiality of information is ensured with the:
- signing of a non-disclosure agreement by all employees.
- application of protocols that the company implements, with access control for each employee according to the department in which they work and the corresponding access granted by the installed electronic system.
- guest security protocol (guestbook, guest visitor tag, guest pick-up from the host from the reception area)
- closed monitoring system that is installed in a way that does not violate any legislation, along with the alarm system.
- policy of secure destruction of documents by installing recycling paper bins for on-site destruction.
- complying with PCI-DSS security standards and requirements.
- Submission of certification of a clean criminal record for all employees within our company.
2. Policy – Quality Control Process
The company implements a Quality Management System and is in the process of certification to ISO 9001:2015.
Furthermore, a systematic audit is performed by sampling the telephone conversations of the officers with the debtors via the APEX PBX telephone platform with a predefined number of checks per day.
3. Policy – Complaint Management Procedure
The complaint handling process is defined through a specific complaint and scrutiny process for all complaints with no exceptions. The company’s CEO is informed.
At the same time, in order to avoid complaints and unpleasant situations, the company strictly applies the following basic rules through each officer:
- Shall disclose his/her name, the company from which he is calling, and the organization that the company represents.
- Confirms the identity of the debtor and respects the confidentiality of communication.
- Informs the debtor of his debt in a positive way and explains the benefits of finding a solution without pressure and threats.
- Recognizes the debtor as a person with a personality who may be faced with an occasional problem.
- Understands the reasons why his debt is pending.
- Does not impose opinions on borrowers, but simply proposes solutions.
- Is ready to listen to what the debtor has to propose.
- Does not use words / expressions that adversely affect the debtor’s psychology.
- Uses “positive” language, proverbial expressions and words during communication.
- Is willing to serve the customer and provide him with all the necessary clarifications.
- Listens carefully to the borrower and gives him time to respond without interrupting.
4. Policy of Due Diligence
Compliance with the legal and regulatory framework is verified by continually updating procedures so that they remain compatible with changes to laws and regulations.
Where it is necessary to change visuals on computer systems or practices, specialized training is required.
5. Security Policy & Business Planning
There are relevant policies
All IT systems, including networks, servers and backup, are in line with the “Payment Card Industry Data Security Standard” (PCI DSS) V3.1, which consists of a series of security standards designed to ensure that the transmission and storage of information related to credit cards are kept in a safe, secured environment.
Server Room security: Access to the climate-controlled area is regulated by the electronic access system with a special access card that is restricted to the IT Manager and the Managing Director. Additionally, a key is stored in a safe for emergency use.
Firewall: Access to and from the Internet is controlled by a firewall / web proxy configuration that is installed to meet the PCI-DSS standard. The workstations and the server are divided into sub-networks per task and have virus protection applications installed, as well as continuous upgrades managed by WSUS. Access to offices is managed through a Windows Active Directory system that is configured to meet the PCI-DSS standard.
Access to / from the internet is controlled using a firewall / web proxy configuration initially installed to meet PCI-DSS. Workstations and servers are segregated into subnets by task and have Corporate Anti-Virus and Windows updates managed by WSUS. Access to workstations is managed via Windows Active Directory configured to meet PCI-DSS.
Backups: Daily backups are taken of all files on the server and automatically replicated on servers in the United Kingdom. File server backups are performed daily and automatically replicated to a site in the UK.
Disaster Recovery: The Company provides alternative office spaces in a different location with internet services, backup computers and a telephone system. The APEX PBX phone system can work from different locations. Data recovery onto the new equipment is assured, as the backups are made on a daily basis outside of the company’s premises.
6. Internal Audit Policy
The internal control policy ensures that all departments and officers work and perform their duties in accordance with the appropriate procedures.
7. Risk Management Policy
- Risk management policies are primarily related to ensuring the continuity of service delivery to customers in all circumstances.
- At this stage, the Company does not run any risk, of any nature, that would affect the smooth operation of its activities in the near future.
- The company has implemented a system of assessing both financial data and its operating procedures every six months with a view to identifying and recognizing the risks arising from the smooth operation of the company along with the health and safety of workers on the premises.
- If data and risk assessments are presented, the Policy ensures assessment / valuation and makes proposals to take the necessary measures to reduce or eliminate the risks identified.
- Our company also has Professional Liability Insurance Coverage.
8. Manual of Internal Procedures
The Internal Procedures Manual ensures the ISO 22301:2012 Business Continuity Model and the observance of all Procedures and Policies, regardless of the absence of any staff member.
9. Staff Training Manual
The Personnel Training Manual is an additional tool in staff training. Additionally, there is the option of continually upgrading it.