As information becomes one of the most important assets of the 21st century,
efforts to keep it secure are gaining parallel significance. Information
security is defined as a series of practices aiming to keep data secure
against unauthorized access or modification, both when being stored and while
being transferred from one machine or physical location to another.
Yapı Kredi manages data security in line with the defined policies and
processes. Data is categorized according to levels of confidentiality,
integrity, and accessibility. Yapı Kredi ensures the integrity and
confidentiality of data through security measures. Also, controls to identify
and prevent data leaks are designed and implemented.
The information security management system practices are performed under the
supervision of the Information Security Committee. The Committee develops,
revises, and implements the Bank’s information security policies on behalf of
the Board of Directors. The Committee reviews the relevant policies,
procedures, and processes at least once a year, and reports annually to the
Board of Directors on cyber security issues. See here for more information
about the Information Security Committee.
When it is necessary to share data with third-party companies, Yapı Kredi
ensures that the contracts with said parties include provisions for data
security in accordance with Yapı Kredi policies and standards, as well as with
the data safety requirements that the Banking Regulation and Supervision
Agency (BRSA) expects banks to meet when procuring support services, as
specified in the "Regulation on Information Systems and Electronic Banking."
In order to raise awareness, all employees receive information security
awareness training, which covers data security and confidentiality. In
addition to information security training, awareness is raised through the
training provided to employees on the Personal Data Protection Law.
Security audits
Remote working and remote working security have become top priorities for the
Bank's Information Systems Security Management. Yapı Kredi took swift
decisions to install the necessary infrastructure for remote working fully and
securely, enabling the staff to provide fast and uninterrupted remote services
to customers. Based on the principles of high-quality, responsible, and
compliant banking, Yapı Kredi has adopted compliance with the banking laws and
regulations as a particular priority. Yapı Kredi pays close attention to
developments in IT, new business models, solutions, attacks, and threats
related to cyber security, and the security regulations.
The Bank continues to review and improve its cyber security measures in
compliance with the national and international standards for protecting
customer data.
Yapı Kredi makes annual updates to the periodic training on social engineering
attacks and other known fraud methods which is given to all the customer
representatives and team leaders who are assigned to provide phone banking
services to customers. The Bank also carries out awareness-raising activities
for its employees. In addition, Yapı Kredi provides periodic remote
"Information Security" training to all its employees.
The Bank employs 24/7 monitoring and detection to identify and prevent
cyber-attacks. Security trace logs from all products are correlated to detect
and prevent potential cyber-attacks.
Yapı Kredi is subject to the regulations of the BRSA, which regulates the
banking sector in Turkey. The BRSA has issued regulations on Information
Systems and Electronic Banking Systems, which require the establishment of an
information security management system equivalent to the ISO 27001 Information
Security Management System. Yapı Kredi is audited annually by the BRSA, both
for compliance with the regulations and for the Control Objectives for
Information and Related Technology (COBIT) framework. These audits are
conducted by independent third-party audit firms.
Yapı Kredi also conducts regular internal audits on data security. Yapı Kredi
implements practices in addition to those required by the Banking Law and
other relevant legislation, such as in-house policies like Ethical Rules and
the Code of Conduct, and the Corporate Policy on Personal Data Protection and
Processing.