Information Technologies Compliance and Audit Services

Information technologies structure is important in corporations meeting changing compliance needs. Our compliance and auditing services ensure your compliance with the following information technologies legislation:

• BRSA (BDDK) internal systems and information systems legislation for banks, their affiliates and support services providers; factoring, financial leasing, financing and asset management companies; information exchange, barter and offset establishments; and payment and security settlement systems, payment systems and payment and electronic currency institutions
• CBRT (TCMB) information systems legislation for payment and security settlement systems, payment systems and payment and electronic currency institutions
• CMB (SPK) information systems legislation for various establishments with compliance or audit liabilities
• RA (GİB) information systems legislation for e-document (e-invoice, e-dispatch, e-archive etc.) private integrators, secure mobile payment and electronic document management system service providers, and trusted service providers (TSM) for new generation payment recorder devices (YNÖKC)
• TBA (TBB) Risk Center information systems legislation for member establishments
• IRSA (SEDDK) internal systems and information systems legislation for the insurance industry
• ICTA (BTK) information systems legislation for the telecommunication industry
• Information systems legislation for e-general assembly system (EGKS), e-signature, e-notification, registered e-mail (KEP), e-commerce etc.
• Other information systems legislation published by POAASA (KGK), other regulators and institutions
• Internationally accepted frameworks and standards such as CMMI, COBIT, ISO20000, ISO22301, ISO27001, ISO31000, ISO38500, ITIL, PMI, TOGAF etc.
• Information systems requirements in the scope of SOX, Euro-SOX and J-SOX legislations
• Information systems requirements in the scope of the international legislations such as DORA (Digital Operational Resilience Act), DSA (Digital Services Act) and DMA (Digital Market Act)
• Information systems requirements in the scope of the standards that might result in technology transformation needs such IFRS standards (IFRS9, IFRS15, IFRS17 etc.) and other frameworks (Basel, Solvency etc.)
• Local and international standards such as GDS3402, ISAE3402, SOC-1-2-3 etc. for assurance needs related to services provided by service organisations, support service establishments, external service providers, establishments operating in Fintech, Insurtech and Regtech, and other suppliers
• Local and international standards such as GDS3000 and ISAE3000 for assurance needs related to business and technology needs of applications and other matters