5.1. CBDDO Compliance

Means compliance with the "Information and Communication Security Guide" published by the Presidential Digital Transformation Office. This guide entered into force on July 24, 2020. It determines the measures that public institutions and organizations and businesses providing critical infrastructure services should take within the scope of information and communication security.

The purpose of CBDDO compliance is to protect information and communication systems against cyber-attacks. To this end, the guidance includes various measures within the scope of confidentiality, integrity and accessibility, which are the basic principles of information security. These measures include access control, data encryption, network security, system updates and personnel training.

CBDDO compliance is mandatory for public institutions and organizations and enterprises providing critical infrastructure services. These enterprises are obliged to protect their information and communication systems against cyber-attacks by taking the measures in the guide.

The scope of CBDDO compliance covers all elements of information and communication systems. This includes information and communication systems, the software and hardware used in information and communication systems, the persons accessing information and communication systems, and the data processed in information and communication systems.

The benefits of CBDDO compliance are as follows:

• Protects information and communication systems against cyber-attacks.

• Ensures confidentiality, integrity and availability of information and communication systems.

• Fulfills legal obligations.

• Strengthens corporate reputation.

In order to comply with CBDDO compliance, businesses are required to take the measures in the guide. Taking these measures will help businesses protect their information and communication systems against cyber-attacks.