GDPR and Quality Standards

OUR QUALITY POLICY

About developing and offering software and information technology;
• Is to answer customer’s needs and expectations at upmost satisfaction and deliver products and services on time that will increase productivity.
• Is to maintain customer satisfaction at upmost level by offering strategic management and services and become “Strategic Business Partner” of our customers.
• Is to offer products and services suitable for both national and international requirements.
• Is to keep continuity of servicing and to provide and develop information security.
• Is to maintain continuous rehabilitation and development of our main philosophy by calculating business performances systematically.
• Is to keep our staff’s both personal and professional developments at upmost level.
• Is to build an environment that works with sharing information and team spirit.
Quality Management System is our main policy.

The management of SOFT hereby undertakes that this policy will be conducted and well understood by SOFT’s employees. This policy is a frame of our targets and revised continuously.

OUR SECURE SOFTWARE DEVELOPMENT POLICY

Our main policy for developing secure software is as below:

• SOFT BUSINESS SOLUTIONS attaches great importance to security at every phase of software development life cycle in line with the strategic targets.
• In this context, SOFT pledges to take all precautions related with security in all work processes of software development life cycle.
• In terms of data protection it is ensured that all sorts of data which is saved or used by applications are closed to access by unauthorized persons.
• It is guaranteed that the personal data which is saved or processed in applications is in compliance with the laws and regulations related with Personal Data Protection Law (PDPL).
• Technical details and daily logs related with errors and unexpected situations are not viewed by end users.
• Sources such as content, indexes, server interfaces, etc., which are linked to applications can not be opened to uncontrolled access.
• Every source which is opened to access is subjected to identification control.
• For access to all sources and pages which are not classified as general, user authentication is performed by the server.
• All successful and unsuccessful login transactions and attempts of access to sources are saved.
• It is ensured that the steps of secure software development are carefully carried out during management of the session which is opened after authentication and which defines the duration of a permission of access.
• HTTPS protocol is used during transfer of critical data between the application and the end user, with respect to communication security.
• Input in all sorts of data entry transactions, which the users carry out via interfaces or which can be accessed by parameters due to system structure in the applications, is controlled.
• All sorts of response objects produced by the applications undergo output coding controls. In compliance with General Data Protection Regulation (GDPR) and Personal Data Protection Law (PDPL), unauthorized persons are prevented from viewing personal data.
• Importance is attached to training in order to ensure that all employees and business partners, who work in software life cycle process, participate in Secure Software Development Policy.

SOFT Management pledges to communicate this policy to all employees, and to make sure that this policy is understood by all employees. This policy constitutes a framework for the targets and is reviewed continuously.