Information Technologies Compliance and Audit Services

Information technologies structure is important in corporations meeting changing compliance needs. Our compliance and auditing services ensure your compliance with the following information technologies legislation:

• BRSA (BDDK) information systems legislation for banks, their affiliates and support services establishments; factoring, financial leasing, financing and asset management companies; information exchange, barter and offset establishments; and payment and security settlement systems, payment systems and payment and electronic currency institutions
• CBRT (TCMB) information systems legislation for payment and security settlement systems, payment systems and payment and electronic currency institutions
• CMB (SPK) information systems legislation for various establishments with compliance or audit liabilities
• RA (GİB) information systems legislation for e-document (e-invoice, e-dispatch, e-archive etc.) private integrators and trusted service managers
• TBA (TBB) Risk Center information systems legislation for member establishments
• Ministry of Treasury & Finance and IRSA (SEDDK) information systems legislation for the insurance industry
• Ministry of Commerce information systems legislation for e-general assembly and e-commerce
• ICTA (BTK) information systems legislation for the telecommunication industry
• Other information systems legislation published by POAASA (KGK), other regulators and institutions
• SOX and J-SOX legislation
• Standards in the scope of IFRS (IFRS9, IFRS15, IFRS17 etc.) that might result in technology transformation needs
• Internationally accepted frameworks and standards such as CMMI, COBIT, ISO20000, ISO22301, ISO27001, ISO31000, ISO38500, ITIL, PMI, TOGAF etc.
• Local and international standards such as GDS3402, ISAE3402, SOC-1-2-3 etc. for assurance needs related to services provided by service organisations, support service establishments, external service providers, establishments operating in Fintech, Insurtech and Regtech, and other suppliers
• Local and international standards such as GDS3000 and ISAE3000 for assurance needs related to business and technology needs of applications and other matters