PASHA_BANK_ANNUAL REPORT 2022

45 PASHA Bank 2022 Annual Report General Information Information on Management and Corporate Governance Principles Financial Information and Risk Management Review Purchasing process automation was realized and trainings were delivered. In accordance with principles of compliance with COBIT processes, activities continued for increasing data storage and process capacity and performance, monitoring of network and system infrastructure and developing reporting tools. All changes were reflected in back-up and Emergency Center. PASHA Bank Kartal Business Continuity Center was kept ready for all business continuity activities, Business Continuity tests were performed based on remote working requirements. In 2023, PASHA Bank will pursue its investments and development activities in infrastructure and security areas at the Headquarters building, with the design of mobile working structure independent from the network and implementation of network access controls and continue to comply with the digital world by working on projects in its strategy. Information Security Information Security Management and support service purchased for back-up are being performed, monitored and reported in a healthy manner by the teams in the Bank. All of the Bank’s technological processes for employees’ remote working were applied in compliance with the dynamics of COVID-19, the required awareness training programs were organized and supported by training documents. The Bank’s remote working model was made compatible with hybrid model. A high functioning application security wall was added to security applications taking into consideration services open to outside, capacity increase and addition of new functions were realized in vulnerability detection systems. At PASHA Bank, information security policies are updated in line with the changes and threats happening in the area, information technology management processes are constantly reviewed and improved. Like every year, penetration tests for minimizing security and cyber threat risks were made, no critical level findings were noticed and the operations for strengthening the infrastructure were maintained according to the results. All of the employees and the new comers to the Bank participated in the in-house training program on information security awareness. Within the scope of Analyses and Improvement of Information Systems and Information Security Risks Project at PASHA Group, the Group worked on standards and benchmarks used in all countries and a new standard was prepared. Improvements will continue at the Group level in 2023. In the following period, developments will continue with investments for network security audit, mobile device management and cyber security applications. Progress was achieved by investing in digital banking services and these investments were increased as of 2022. digital banking