Privacy policy

KEGOC applies the Information Security and Confidential Information Security Policy approved by the Board of Directors. The policy covers all areas of information security and confidential information security across KEGOC's operations and all sections of its information and telecommunication systems, with due regard to KEGOC's business specifics, its organisational structure, the structure and location of its information systems and the nature of the tasks to be solved.

The main objective of protecting KEGOC's information resources and information systems is to protect the subjects of information relations from possible material, physical, moral or other damage caused by accidental or intentional unauthorized interference with the operation of KEGOC information systems, or by unauthorized access to the information circulating therein and its illegal use.

The main tasks to ensure information security and confidential information security are as follows:

  • ensuring the necessary availability of KEGOC information resources to ensure business continuity;
  • ensuring the integrity of KEGOC's information resources to provide the required support of KEGOC's activities in the information field, including decision-making tasks;
  • ensuring confidentiality of information referred to KEGOC's classified information;
  • ensuring reliability and relevance of processed information;
  • establishing responsibility for the use and management of KEGOC information assets;
  • application of reasonable, cost-effective and compatible organisational and technical IS measures both for information technologies and KEGOC as a whole;
  • approving a uniform corporate information security ethics that supports employee awareness;
  • protection of legal rights of KEGOC and employees in cases of misuse or abuse of information assets;
  • protection against unauthorized actions in the processes of information systems operation;
  • delimitation of access rights to information, servers, workstations and protection means.

The main threats to the security of information and telecommunications facilities and systems at KEGOC may include:

  • unauthorised access to the information processed, stored and transmitted in KEGOC's information and telecommunication systems;
  • violations of information processing technology;
  • introduction of malicious software disrupting normal operation of information systems and information and telecommunication systems, including information protection systems;
  • destruction of or damage to information processing, telecommunication and communication facilities and systems;
  • impact on password-key protection systems for automated information processing and transmission systems;
  • destruction, damage or theft of machine and other data carriers;
  • interception of information in data transmission networks and communication lines, processing of this information and imposition of false information.

Information resources and systems are protected by means of legal, organizational and technical (software and hardware) measures:

  • legal protection measures - contracts concluded by the owner of information resources with users of information, which establish the conditions for access to certain information resources and responsibility for violating the conditions for access and use of information resources; agreements on non-disclosure of confidential information; development and updating of internal regulatory documents governing cybersecurity issues;
  • organisational protection measures - provision of a special regime of access to territories (premises) where access to information (to tangible information carriers) may take place, as well as differentiation of access to information by circle of persons and nature of information, and restriction of user access rights to information systems and resources;
  • technical protection measures - measures for physical protection of information systems, use of information protection means (firewalls, antivirus programmes, etc.), including cryptographic ones, as well as systems for monitoring and control of access and registration of the facts of access to information.

Security issues are aimed at reducing the risk of events caused by errors of employees, theft of information and technical resources, fraud or illegal use of resources by KEGOC employees.

Information security risk management is part of KEGOC's corporate risk management system.

The purpose of information security risk management is to ensure improvement of the quality of processes by timely identification, assessment and adoption of measures for IS risk management, providing reasonable assurance to the main internal and external stakeholders in effective risk management.

Risk management includes risk identification, risk assessment, development of risk mitigation measures, and monitoring the implementation of risk mitigation measures.

The Security Department is responsible for managing the procedure for ensuring information security and safeguarding confidential information.

All information stored, processed and transmitted through communication channels in the information and telecommunication systems of KEGOC which has not been specifically identified as the property of third parties shall be the property of KEGOC.

KEGOC's Information Security Policy prohibits unauthorised access to the information processed, stored and transmitted in KEGOC's information systems, its disclosure, copying, modification, removal, improper use as well as unauthorised handling of the carriers of this information. In addition, KEGOC shall protect the information belonging to third parties, including the consumer, transmitted to KEGOC on a confidential basis.

When working with suppliers, access to information shall be provided to them to the extent necessary and sufficient for the performance of their tasks under the respective contract, after signing the non-disclosure agreement for confidential information.

The Company's employees shall be familiarised with the requirements of KEGOC's rules and procedures, including requirements of information security and other controls, as well as trained to use information resources and information system services correctly.

An employee shall be obliged to keep confidential information that has become known to him/her in the course of work confidential, as well as to suppress actions of other persons that may lead to the disclosure of such information.

From the day of employment, an employee of the Company shall sign a document on non-disclosure of information constituting confidential information.

Employees shall be liable for failure to comply with the requirements set out in the information security documents to the extent determined by the Labour Code of the Republic of Kazakhstan and internal regulations of KEGOC.

In order to comply with the information security policy and confidential information security, as well as with legislative norms, the Company carries out:

  • internal audit for compliance with the GNI and international IS standards;
  • penetration testing. Testing is carried out using a variety of methods and techniques that have been chosen to take into account the specifics of the Company and its information systems.

In accordance with the KEGOC JSC Personnel Administration Rules, disciplinary penalties are applied to an employee for committing a disciplinary offence/information security incident at KEGOC JSC.

KEGOC JSC conducts external and internal audits of the ISMS in accordance with the Audit Plan. The audit is conducted for all processes of the system, including compliance with the privacy policy, establishing a link between the process objectives, implementation and results of the process, identifying weaknesses and areas for improvement.
