TSKB implements the Information Security Management System (ISMS) based on the ISO/IEC 27001 Information Security Management System Standard to ensure information security in accordance with the laws and all legal regulations, sector regulations, obligations pertaining to agreements and business needs.

The senior management of TSKB is committed to upholding the necessary conditions for the operation of the ISMS and to continuously improving the system. To this end, the following activities are carried out:

  • Details of information security requirements and rules outlined by this policy are regulated by ISMS procedures.
  • Systems, accessed applications and devices should only be used for the conduct of the institution's business and should not be used for non-business purposes. All resources are monitored by authorized personnel at regular or non-regular intervals for safety or maintenance purposes. Penetration tests are carried out with external and internal resources.
  • To ensure the security of personal data, measures are taken to comply with the relevant legal regulations and legislation.
  • An inventory of information assets is created in line with information security management requirements. Owners are assigned to information assets, the assets are classified, and security needs and usage rules are determined depending on their classification. The determined levels and protective measures are set out in the relevant procedures.
  • Steps are taken to ensure that access to the institution's information is authorized only in line with business needs and that the information is used only for the authorized purposes. Roles and responsibilities throughout the Bank are determined according to the principle of segregation of duties, and an identity verification and access management system is established accordingly.
  • In order to protect corporate information assets, risk assessment studies are carried out at certain time intervals and risks are managed by taking necessary actions accordingly.
  • The required systems are put in place to enable any information security breaches or weaknesses to be reported. Violation incident records are maintained and necessary corrective and remedial actions are implemented.

The principles set out in the Business Continuity Policies are observed so that the Bank's activities and its responsibilities to its stakeholders are not interrupted in the event of any adverse situation. In this context, Backup and Emergency Center environments are created and kept operational for use when needed.