Information Security

Information Security

Customer and data privacy is among Turk Telekom’s material topics. We manage our data security and privacy policies with protocols in accordance with the personal data protection legislation and other relevant regulations and we meticulously maintain the ongoing GDPR (EU General Data Protection Regulation) compliance process. We improve these policies through regular internal audits, staff training, and third-party assessments. At our company, data is encrypted both in transit or when pending, and access controls are strictly maintained to ensure that only authorised personnel have access to sensitive information. We protect the confidentiality of personal data in accordance with Turkish laws and regulations. We classify all our data and provide protection against loss and leakage within the framework of our security policies. We take effective security measures in case of uncontrolled extraction or leakage of data to external targets.

Information Security Certifications

Our company has the ISO 27001 certification covering fixed and mobile networks. We conduct annual Information Security Internal Audit activities, assign several actions according to the audit
results and follow-up on them. In addition, we have a PCIDSS certificate for the mobile network. We periodically conduct vulnerability and leakage tests on systems. In addition, within the scope of ISO 27001 and PCI-DSS, we periodically provide employees with information security awareness training as required by the standards.

Cybersecurity Services and Customer Experience

As a company that provides cybersecurity services to approximately 5,000 organisations with more than 50 products and services, we have the largest cybersecurity portfolio in Türkiye. We offer faster solutions to our subscribers and ensure maximum service continuity in our Customer Service Convergence (CSC) model by means of digitalisation, operational analytics, Wi-Fi operations, and operational excellence in all areas. In this process, we have developed artificial intelligence (AI)- based proactive systems that offer instant solutions for potential problems. We prevent thousands of phishing, DDoS, and malware attacks on our telecom infrastructure every month and intervene on-site when necessary. In 2023, we provided protection for 2,620 high-dimensional attacks of 1 Gbps and above, which are considered critical attacks.

We have a security product portfolio to meet the 360° security needs of customers, and we have manageable EDR (Endpoint Detection and Response) and incident response services. In addition, we increased the number of customers by enriching our product portfolio with shared e-mail security, attack surface studies, and cybersecurity maturity assessment services.

Gelişim Üssü (Development Base) Programs

As part of our Gelişim Üssü (Development Base) program, we organised two separate camps on cybersecurity and cloud computing. These camps aimed to develop the knowledge and skills of the participants in cybersecurity and cloud computing and contributed to providing qualified human resources to the sector. Our programs provided participants with both theoretical knowledge and practical experience through handson training. During the training process, in-depth information was provided on recognising cybersecurity threats, taking precautions against these threats, and responding to them. In addition, comprehensive training was provided on the effective use of cloud computing technologies and best practices in this area. Participants have improved their ability to follow and apply innovations in the sector.