ERDEM-NEWSLETTER-2018-metin
218 NEWSLETTER 2018 policies and all the responsibilities annually, determination of the risks and performing risk management, monitoring of those events that are incompliance with the information security and evaluation of those, providing education to the employees to be aware of the information security, etc . The Management Communiqué stipulates that the institutions, establishments and associations that fall within the scope of the ob- ligations shall appoint a well-equipped and qualified individual who is responsible for performing the requirements of the processes and principles in respect of the security of the information systems and monitoring of the same and, further, reporting to the top management the risks and the management of the risks. The respective Commu- niqué further requires institutions, establishments and associations to hire a nationally or internationally certified independent person to run a leakage test at least once a year. The legislator states the minimum requirements to be fulfilled re- garding the control of the information systems under the Management Communiqué, which are, briefly, (i) defining the process owner, roles, activities and liabilities, (ii) defining the controlling periods, periodi- cally, and (iii) defining the aims and purposes of each of the controlling periods and measurable performances. The respective Communiqué further regulates, among others, that the asset (comprised from infor- mation) management, segregation of duties for the system, database and development of the implementations, security, ID authentication, authorization, audit trail mechanism, the principles for informing the customers and, finally, limited exceptions for certain institutions, es- tablishments and associations in respect of certain obligations. Sanctions In the event of any non-compliance with the provisions of the Management Communiqué, Article 103 ( General Principles ) of the Capital Markets Law will apply. Accordingly, an administrative fine from TRY 27,047 up to TRY 338,088 will be assessed.
Made with FlippingBook
RkJQdWJsaXNoZXIy MjUzNjE=