External Systems Access General Procedure

When operations such as installation, inspection, maintenance, upgrade, or detection need to be performed on a system not hosted by EticSoft, access can be granted upon request from customers and business partners under the following conditions:

  • Check if there is a specially created procedure for the relevant operation type. If not, notify the Information Security Expert. The necessity of access and whether alternative methods have been applied are analyzed.

  • This procedure is communicated in writing to the customer or business partner who will provide access.

  • Customers or business partners must create access information on a temporary basis and transmit it, using authentication, through the information system operated by EticSoft. Access information sent via email or phone is not accepted and not used.

  • Access information is not copied outside the information system or noted on physical papers.

  • The customer or business partner must confirm that they need to take a backup before the relevant operation, that the backup has been taken, that they acknowledge they can revert to this backup in case of an unexpected problem, and that they accept all responsibility for restoration. This confirmation message must also be sent, with authentication, through the information system operated by EticSoft.

  • If the customer or business partner does not explicitly express consent to the above items, access is not granted and access information is deleted.

  • After the relevant operation is completed, reconfirmation is requested from the customer or business partner.

  • Once completion of the operation is mutually confirmed, the access information provided by the customer or business partner is deleted, and the customer or business partner is notified that the shared access information should be destroyed (user deletion, password reset).

  • If mutual confirmation of operation completion does not occur within 24 hours, the relevant access information is deleted. If the operation will continue, recreation of access is requested.

  • The external system access process is not recorded by the accessing party. The party providing access may record it.

  • If an employee detects or suspects recording of EticSoft’s or their own information assets, they notify the Board in writing.