QNB eFinans Service Standards
Our QNB eFinans call center at 0 (850) 250 67 50 serves you between 09.00 - 18.30 hours, 6 days a week, excluding Sunday.
Your problem or request records will be handled by our solution groups within 2 working hours within the above working days and hours following your notification and you will be informed within a period of maximum 12 working hours and the necessary work will be started to solve it as soon as possible.
If your notification is a development request, you will be contacted if necessary, your request will be designed, and the actualization schedule will be shared with you, so that this development can be performed in line with our service quality.
You can also follow up your problem or request records from the call center by your tracking number to be sent to your company's e-mail address that is defined in QNB eFinans, following your notification.
In cases when we will be unable to provide you service due to problems with the Revenue Administration's systems, we do not make any commitment to you for handling or solving these problems arising from the systems not belonging to QNB eFinans.
Thank you for choosing QNB eFinans in your operations.
Information Security Policy
- To manage Information Security Processes, Information Assets that carry, process and use information, to determine the security values, needs and risks of assets, to develop and implement security risk controls.
- To put forward the working principles in order to handle the risks.
- To keep up with the risks by observing the technological expectations in the context of the scope served.
- To meet the information security requirements arising from national or sectoral regulations, the fulfillment of legal and applicable legislative requirements, meeting obligations originated from agreements, the institutional responsibilities for internal and external stakeholders.
- To reduce the effects of information security risks for business continuity and to ensure business continuity.
- To ensure having the competence to effectively and quickly intervene in information security events that may occur and to minimize the effects of events.
- To improve the institutional reputation; to protect the institution, from the adverse effects that may arise from the breakdown of information security.
- To improve employees' awareness of information security.
- To define the information security requirements of the 3rd parties, customers and suppliers and ensure that they comply with the information security management system.
- To protect personal information
- To identify and monitor objectives and controls in order to ensure continuity of Information Security Processes.
- The senior management actively supports the ISMS with its activities under the framework of ISMS Coordination Team, ISMS Internal Auditor assignments, ISMS investment, expense and training budgets, and management review activities.
- Senior management leads to achieve ISMS objectives by complying with and encouraging the compliance with ISMS policies and procedures.
- Senior management expresses the importance of the management of information security risks in terms of the institution's reputation and continuity of activities through administrative activities and institutional policies. Senior management evaluates risks at least once a year and ensures continuity and sustainability of the system by reviewing the Information Security Policy.
Within the scope of REM;
It was prepared based on e-Notification Regulation published by ICTA and Article 7/a of Notification Law No. 7201 dated 11/2/1959.
It also provides information management in accordance with TSE 27001 Information Security, BS 10012:2009 Protection and management of personal information and ISO/IEC 27031:2011 business continuity standards.
Within the scope of e-Invoice Special Integrator;
The General Communiqué with Order No 397 of Tax Procedure Law has been prepared on the basis of Article 232 of Tax Procedure Law No. 213, in accordance with the General Communiqué with Order No 416 of Tax Procedure Law.
TSE 27001 Information Security Management System provides information security management in accordance with the Guide for ISO 22301:2012 Social Security Business Continuity Management System, ISO 20000-1:2011 IT Service Management System and ISO / IEC 24762:2008 Information and Communication Technology for Disaster Recovery Services.
Business Continuity Policy
QNB eFinans has prepared and implemented plans to ensure the continuity of critical business processes and services, and to return all business processes to normal working order within the planned time frame in the event of an interruption, crisis or disaster.
The Business Continuity Policy covers the application principles set out in ISO 22301 Business Continuity Management Standard, the obligations determined by the customer contracts, the obligations of the Business Partnership Agreements and the obligations of the Turkish laws and legislation.The main objective of the Business Continuity Management Policy is to make the critical processes and assets determined by the business impact analysis functional at the time of any interruption for a predetermined minimum time. In parallel with this purpose, the first intervention and recovery strategies will be based on the following items.
- To protect the staff and to deal primarily with the safety of life.
- To make risk assessments of threats and vulnerabilities on critical processes, components and assets.
- To describe the affected processes, components and assets according to risk scenarios.
- To increase intervention rate and implement effective decision process.
- To activate processes and operations as quickly as possible.
- To manage internal and external communication, including communication with the media.
- To manage QNB Finansbank brand value and the risks that will damage the company reputation.
- To manage relationships between stakeholders.
- To handle the measures to protect the privacy of personal information.
- To undertake continuous improvement
Requirements for ensuring the continuity of critical business processes and services and for normalizing all business processes and services within planned times and priorities are specified in service level agreements entered into with suppliers.
Training, testing and exercises are carried out to establish the Business Continuity Management System, to embed it in the institutional culture, to raise employee awareness and to ensure participation in the works.
Standards and Certificates
- ISO 22301- International Business Safety Standard
- TS ISO IEC 27001-2013 – Information Security Management Systems
- ISO/IEC 20000-1 Information Technology Service Management System Certificate
- BS 10012:2009 Data Protection Personal Information Management System
- ISO/IEC 27031:2011 Information and Communication Technologies
- ITIL (Information Technology Infrastructure Library) Certified Staff
- Financial Seal Compliance Evaluation
- PSM (Personal Scrum Master) Certified Staff
- PSPO (Professional Scrum Product Owner) Certified Staff
A complaint is defined as a customer's dissatisfaction statement regarding the services, personnel, or process.
- Customer complaints are recorded with the complaint form on the QNB eFinans website. The customer enters his/her complaint on the form on the website.
- QNB eFinans staff member who is in contact with the customer and who receives the complaint in e-mail or verbal form will also ensure that the complaint is registered using the form on the website.
- Complaint recording on the website is communicated via e-mail to the Customer Service and Operations Manager and the Business Continuity Coordinator. The Business Continuity Coordinator records the complaint in the customer complaints list.
- The Customer Service and Operations Manager and the Business Continuity Coordinator will assess the complaint and, if necessary, initiate corrective action and transmit it to the relevant department. The corrective actions and actions for correcting the complaint are followed by the Business Continuity Coordinator.
- When the corrective action is concluded, an information e-mail will be sent to the customer regarding his/her complaint.
- The complaints and the results from the Management Review are evaluated. Based on this assessment, infrastructure, hardware, equipment, software and training needs are identified.
Major Event: A type of event that causes service interruption or service quality to be severely affected between incoming calls, which should be resolved as soon as possible and therefore prioritized over others.
|Impact and Urgency||Major Impact||Mid Impact||Minor Impact|
Immediate Change: An urgent request to make a critical arrangement in the work environment.
Emergency Version Change: The version change that should be made as soon as possible as a result of major events leading to service interruption or serious drop in service quality.