Training programs were organized for ISO 27001 auditing, and Ziraat Katılım inspectors who passed the exam received ISO 27001 Lead Auditor certificates.
Ziraat Katılım implements practices to safeguard its information technology assets in order to ensure business continuity, support corporate objectives, and uphold customer satisfaction.
Under Information Systems Risk Management, Ziraat Katılım Bank treats events that can damage the confidentiality, integrity, and availability of assets as risks. It effectively manages Information Systems risks by taking into account the Information and Communication Security Guide of the Digital Transformation Office of the Presidency of the Republic of Türkiye, the Regulation of the Banking Regulation and Supervision Agency on Banks’ Information Systems and Electronic Banking Services, and other legal regulations and best practices in the sector.
In 2024, the Bank carried out code standards checks, source code security scanning and audits, web application firewall studies, and vulnerability analysis studies for new applications and systems, and put the MAM/MDM product into service for device security.
National and international regulations are constantly monitored to ensure that the documents used in the Bank’s Information Systems Management and the activities carried out comply with current legislation.
In 2024, the IT Governance Model was designed to increase efficiency in Information Systems management processes, the Agile Management Model was introduced, and the Strategic Governance application, a new project request management application, was launched across the Bank.
Inspectors assigned to the Bank’s Audit Board, which conducts information systems audits, received training on network security, Windows security, and secure configuration topics. In addition, training was organized for the audit of the ISO 27001 Information Security Management System, and Ziraat Katılım inspectors who passed the exam were awarded the ISO 27001 Lead Auditor certificate. Furthermore, Ziraat Katılım inspectors underwent training in SQL Server to enhance their ability to conduct audits using data analytics techniques.
Ziraat Katılım implements practices aimed at securing IT assets in order to ensure business continuity, maintain a strong focus on corporate goals, and enhance customer experience and satisfaction.
Business Continuity Plans for Uninterrupted Service
Ziraat Katılım carries out activities to ensure business continuity in accordance with Article 13 of the Regulation on Banks’ Internal Systems and Internal Capital Adequacy Assessment Process, Article 28 of the Regulation on Banks’ Information Systems and Electronic Banking Services, and the Ziraat Katılım Business Continuity Plan prepared as per TSE ISO 22301. The Bank’s Business Continuity Plan encompasses an Information Systems Continuity Plan and an Emergency and Contingency Plan designed to address potential service interruptions. Information Systems Continuity Scenarios have been developed for the implementation of the Information Systems Continuity Plan, and an Emergency and Contingency Plan has been developed to assess the risks that can arise from interruptions in operations and their potential impacts. In the event of an interruption in operations, Headquarters units and branches are required to take action in accordance with the Information Systems Continuity Scenarios. When creating scenarios, the potential impacts of interruptions are evaluated in three stages: before, during and after the event.
In accordance with the Regulation on Banks’ Information Systems and Electronic Banking Services, Disaster Recovery Center (DRC) tests are conducted annually. A Business Impact Analysis study is conducted with the participation of all Bank units to determine the processes to be tested. Within the scope of the Business Impact Analysis, the Bank’s critical processes are identified end-to-end and scored in terms of risk. In addition to critical processes, critical personnel for the Bank are identified. Processes identified through the Business Impact Analysis and critical for the Bank are subjected to DRC Tests by critical personnel. In accordance with the Regulation, the Business Continuity Plan and its annexes are updated at least once a year based on the information and findings obtained as a result of DRC Tests. The Communication Chain Test is also conducted twice a year in accordance with the Regulation on Banks’ Information Systems and Electronic Banking Services.
In 2024, the Ziraat Katılım Business Continuity Plan and its annexes were updated. Furthermore, in addition to the Business Continuity Plan, which was initiated in 2024, an Emergency/Disaster Action Process Plan is being prepared to be implemented in case of emergency and disaster as specified in Article 31 of the Presidential Decree No. 4 on the Organization of Institutions and Organizations Affiliated, Related, or Associated to Ministries and Other Institutions and Organizations dated 15/07/2018.
In 2024, the following activities were carried out in the information systems infrastructure to support business continuity:
Establishment of the Digital Farm structure,
Establishment of asynchronous logging structure,
.NET 4.8, x64 and Integrated AppPool transformation of common modules,
TLS 1.2 transition,
PSP incorrect event notification,
BulkOperation .NET 8 update,
Setting the vm_memory_high_watermark value on RabbitMQ Prod queue servers,
Self Service LDAP to LDAPS conversion,
Upgrading Self Service (Ronda) applications to .NET 8,
Logging and archiving of dashboard menu usages,
Installing Filebeat on DocFactory Prod servers, importing logs to ELK,
Standardization of the use of Parallel.For/Parallel.ForEach,
Adding the method name to the URL on the JS side in IWT,
FTM performance improvement,
Adding maxRequestLength and maxAllowedContentLength values to the ZKB.IWT and IWT applications,
Logging of screen trace records on OpenSearch,
Reducing the Toura Connection Timeout,
64-bit conversion of INTERQ and RETAILDASHBOARD,
Creating log tables for the role tables in the SSO,
Making infinite loops that will not run on farm servers parametric,
Aspose v24 update.
Significant endeavors are underway to ensure the flawless functioning of Ziraat Katılım’s infrastructure and superstructure and the perfection of the service delivery platform. The highlights of the innovations realized in 2024 to improve the customer experience are summarized below.
TROY infrastructure, the national payment system, was made available to retail and commercial credit card customers.
Subsidized and non-subsidized agricultural financing products were offered to natural and legal persons engaged in agricultural production, to facilitate the procurement of goods and services.
With the MoneyGram integration, the infrastructure for sending money to more than 200 countries around the world and receiving money transfers from abroad has been established.
Developments were made for sustainability-themed commercial products.
The Supplier Financing System, a financial solution enabling the supplier that supplies goods or services to the buyer company to convert its receivables arising from the sales into cash under favorable financial conditions whenever it needs, without waiting for the invoice maturity, was introduced.
Customers were enabled to send/receive money to and from their accounts at other banks via the Bank’s Katılım Mobile application.
Customers were enabled to easily perform banking and payment transactions from TAM ATMs, Bank POSs, and other bank ATM/POS devices with the QR code they created through the Katılım Mobile application.
The Easy Fund Financing product was developed to meet the investment demands of retail customers by financing the purchase of funds consisting of securities that comply with the principles and standards of participation banking.
The Instant Daily Account product was introduced to meet the daily needs of customers with its special current account feature.
The Advantageous Commercial Financing infrastructure was established, which aims to provide customers with favorable financing conditions against current account blocks and offers solutions to their financing needs in this regard.
The Accumulating Savings Account product was introduced for customers who wish to invest their savings for specific purposes with advantageous profit-sharing rates.
The Secure Layer Service (Trench) reduced financial losses, operational expenses, customer losses, and reputational risks caused by fraud in FAST, EFT, or money transfer transactions.
Stock trading integration was established with Ziraat Yatırım.
The Secure Payment Infrastructure was established in order for customers to sell their second-hand vehicles securely.
Infrastructure work was completed to enable customers to apply for a debit card via the Katılım Mobile application and the Internet Branch.
2025 and Beyond
Under Information Systems Management, the aim is to accelerate the integration and adaptation of the Bank’s information systems to current technological developments.