CONTROL TABLE OF THE MEASURES TO BE TAKEN BY THE DATA CONTROLLER WITHIN THE SCOPE OF PROTECTION OF PERSONAL DATA
- Network security and application security are provided.
- A closed system network is used for personal data transfer via network.
- The key method is applied.
- Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
- The security of personal data stored in the cloud is ensured.
- There are disciplinary regulations that include data security provisions for employees.
- Training and awareness activities are carried out periodically for employees on data security.
- An impact matrix has been created for employees.
- Access logs are kept regularly.
- Institutional policies on access, information security, use, storage and destruction have been prepared and their implementation has begun.
- Data masking is applied when necessary.
- Confidentiality commitments are made.
- The authorizations of employees who change duties or leave their jobs are revoked in this field.
- Current anti-virus systems are used.
- Firewalls are used.
- The signed contracts contain data security provisions.
- Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.
- Personal data security policies and procedures have been determined.
- Personal data security issues are reported quickly.
- Personal data security is monitored.
- Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
- Physical environments containing personal data are secured against external risks (fire, flood, etc.).
- The security of environments containing personal data is ensured.
- Personal data is reduced whenever possible.
- Personal data is backed up and the security of the backed up personal data is also ensured.
- User account management and an authorization control system are implemented, and these are also tracked.
- In-house periodic and/or random audits are conducted.
- Log records are kept without user intervention.
- Existing risks and threats have been identified.
- Protocols and procedures for the security of special-category personal data have been determined and implemented.
- If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form, using KEP or a corporate mail account.
- Security encryption / cryptographic keys are used for sensitive personal data and are managed by different units.
- Intrusion detection and prevention systems are used.
- Cyber security measures have been taken and their implementation is constantly monitored.
- Encryption is applied.
- Penetration testing is performed.
- Data processing service providers are periodically audited on data security.
- Special-category personal data transferred on portable memory, CD or DVD media is transferred in encrypted form.
- Awareness of data processing service providers on data security is ensured.
- Data loss prevention software is used.