T. Garanti Bankası A.Ş. (Garanti BBVA) implements an Information Security Management System in order to provide our customers with secure banking services in support of the Bank's strategic plans. Garanti BBVA senior management determines the relevant policies, guides and supports efforts in this regard to establish structures that will protect information and information assets and to maintain security measures at an appropriate level.
Garanti BBVA implements the necessary detection and prevention methods against threats targeting any and all kinds of information / information assets owned by itself. Required testing and improvement activities are carried out to ensure that the said methods provide effective protection against current threats. Required investment, project and human resource needs in this regard are planned and implemented.
The bank's information assets are identified, and potential threats and vulnerabilities relating to these assets are analyzed. Necessary works to reduce the impacts of such potential threats and vulnerabilities are conducted within the scope of the Risk Management processes. With the awareness that it is not possible to completely eliminate the information security risks pertaining to information assets and also that there will always be "residual risk", it is essential to manage existing risks and to efficiently implement corrective and preventive controls to minimize the concerned residual risk.
Cyberattacks targeting information and information assets owned by the bank are assessed within the scope of information security incident management. Following the assessment of the incident, the updating of existing controls or implementation of new controls is performed as soon as possible.
In order for the activities carried out within the scope of information security to achieve the desired success, it is essential that the users have an informed and conscious attitude to the issue, do their parts relating to their areas of responsibility, and pay maximum attention to the published policies, procedures, guidelines, and announcements. In this context, the Bank conducts activities to increase the information security awareness of its employees and to make this awareness a part of the Bank's culture.
Efforts and works supporting the aims and objectives of our Information Security Policy are included in the Information Security Plan prepared every year, and the progress in such works is monitored and reported throughout the year. Continuous improvement of the Information Security Management System is ensured; the management reviews works and efforts aimed toward continuous improvement.