INFORMATION SECURITY POLICY

Sipay Elektronik Para ve Ödeme Hizmetleri A.Ş. (“Sipay”) commits to protecting the confidentiality of its users’ personal and financial information. To prevent unauthorized access, disclosure, alteration, or destruction of this information, a series of measures are implemented, as follows;

  • Develops and implements the necessary infrastructure and controls to maintain the accuracy and completeness of information and to ensure continuous access to information systems.
  • Adheres to the principle of separation of duties in the design, development, testing, and implementation processes, and establishes authorization accordingly. Sets up approval mechanisms for critical operations.
  • Maximizes data security by physically and logically separating development, testing, and production environments.
  • User authorization is kept at the necessary minimum level and regularly audited.
  • Takes necessary measures to ensure network security against external threats and continuously reviews them.
  • Adopts a layered security approach to ensure continuous monitoring of systems.
  • Implements security measures such as encryption and masking for the secure transmission and storage of payment and personal data.
  • Ensures the security and confidentiality of the encryption keys used.
  • Establishes an organizational structure for effective information security management and coordination.
  • Inventories information assets, identifies and manages risks.
  • Respects the rights of data owners.
  • Develops procedures for the detection, reporting, and prevention of information security incidents.
  • Implements training programs to increase all personnel’s awareness of information security.
  • Takes necessary physical and environmental measures to ensure security in areas where information is processed.
  • Determines and implements security requirements in the acquisition, development, and maintenance processes of information systems.
  • Ensures compliance with defined policies and procedures by obtaining written commitments from employees.
  • Takes measures against interruptions in business activities and guarantees continuous access to information.
  • Implements security controls in all relevant areas to prevent unauthorized access.
  • Continuously reviews and improves the information security management system.