Security Policy

By managing information security, our Bank aims to ensure that business processes operate with the least possible impact from information security risks. The Board of Directors establishes an information security management system covering the entire Bank and shows the necessary determination to bring the security measures related to information systems to a sufficient level.

Our Bank ensures that all information within the Bank is stored, backed up and used in a safe and secure manner within the country, in a way that allows access at any time. The operation of the information systems put into practice, their compliance with the strategic objectives, and the effectiveness and adequacy of the controls are regularly monitored, taking into account developments in information technologies.

The Bank takes the necessary precautions against external cyber attacks and has a penetration test performed every year. Only users, parties and systems with the necessary authorization are allowed to access systems, services and data.

In ensuring information security and in access to our Bank's information systems, techniques including identity verification and authorization mechanisms, non-repudiation and assignment of responsibility are used. Our Bank ensures compliance with the security requirements arising from laws, regulations and contracts regarding personal data security, intellectual property rights and license agreements.

Our Bank ensures the confidentiality, integrity and accessibility of information assets and all assets related to this data, preventing accidental or deliberate damage, alteration, disclosure or loss. To this end, information systems create an asset inventory and evaluate and classify the assets. Our Bank ensures that information is used in accordance with this classification. The work to identify, determine the levels of, process and review the risks that may arise in relation to information assets is carried out in accordance with the Information Systems Risk Management Procedure.

Appropriate authorization and access controls are established for access to databases, applications and systems. Taking duties and responsibilities into account, it is essential to grant the most restricted authorization and access rights.

The information security risk assessment approach determines the methods by which our Bank's information security risks will be identified, how risk levels will be calculated and how risks will be evaluated. The work of defining, determining the levels of, processing and reviewing the risks that may occur in relation to information assets is carried out in accordance with this risk assessment approach.

Our Bank ensures that the systems, databases and applications it uses to carry out its activities are backed up and that periodic backup tests are performed. All authorized employees report all security vulnerabilities, risks and cases that they notice or suspect within the scope of business processes; a case record is created and an investigation is carried out.

Our Bank prepares an information systems continuity plan to ensure the continuity of the information systems services that support its activities, and ensures the protection of business processes against interruptions and risks caused by natural disasters and technical problems. The information systems continuity plan is kept up to date; information systems are revised and updated every year or after events or changes that will affect their continuity.