Home
Corporate
About TUGAY Certificates Partners Careers
Services
Penetration Testing Source Code Analysis Training References Contact Startup Application
Get a Quote
Ana Sayfa /Knowledge Base /IYS Penetration Testing
IYS

Penetration Testing and Information Security for IYS Companies

Technical security requirements that IYS companies must meet during the BTK accreditation process.

IYS and Cybersecurity Requirements

The Message Management System (IYS) is a centralized platform where commercial electronic message consents are recorded, stored, and managed. The operation of the system is subject to oversight by the Information Technologies and Communication Authority (BTK) under the Regulation on Commercial Communication and Commercial Electronic Messages.

Companies that operate systems integrated with IYS or provide the infrastructure for these systems must meet specific technical security standards in order to obtain BTK accreditation. These standards cover system reliability, data integrity, and protection against unauthorized access requirements.

Personal Data Dimension

IYS platforms process communication consent and approval data belonging to millions of individuals. This data requires special protection under KVKK; the adequacy of technical security measures is of critical importance for both BTK and KVKK audits.

IYS Systems Security Testing Scope

TUGAY conducts penetration tests for IYS companies with specialists who have an in-depth understanding of the platform's architecture and legal requirements:

  • IYS API endpoint security tests
  • Consent registration and query system integrity tests
  • Authentication and session management security
  • Unauthorized data access and IDOR tests
  • Database security and SQL injection analysis
  • Infrastructure and server configuration security
  • Service availability and DoS resistance testing

BTK Accreditation Process

  1. Technical Requirement Analysis: Technical security requirements in the BTK accreditation guide are identified; gaps between the current state and requirements are determined.
  2. Infrastructure Security Testing: All system components are subjected to penetration testing; high-risk vulnerabilities are prioritized.
  3. Data Security Verification: The technical security of personal data processing, storage, and deletion processes is verified.
  4. Remediation and Closure Testing: Identified vulnerabilities are remediated; a closure test documents effectiveness.
  5. Accreditation Report: A technical security report suitable for use in the BTK application is delivered.

Ongoing Security Programme

Maintaining BTK accreditation requires ongoing security management beyond a one-time security test. TUGAY continuously evaluates the security posture of IYS companies through periodic testing and monitoring services.

  • Comprehensive penetration test at least once per year
  • API and application testing with each software version update
  • 24/7 security monitoring and anomaly detection consulting
  • Periodic BTK and KVKK compliance status reporting
Startup Program

Secure your product
before it hits the market.

Security isn't just for large enterprises. Every startup needs a solid foundation from day one. Let us find the vulnerabilities before attackers do. For free.

Apply for Startup Program

Application is free. No commitment required.

Assessment scope

  • Initial security assessment by an expert
  • Critical vulnerability and weakness identification
  • Prioritized findings summary report
  • GDPR preliminary compliance assessment
  • Expert feedback within 48 hours
Completely free & non-binding
Free Assessment Request Pentest Startup Application