Financial institutions’ ability of using information technologies enables them to stay efficient in the both local and global financial markets, act promptly and adapt rapidly changing environment conditions. Since technology has become an indispensable component, institutions’ need for a well-established, efficient and flexible technological infrastructure increased dramatically. MKK, in parallel with the improvements in technology, aims continuous enhancement in its information technology infrastructure as well as increasing its service level.
MKK Information Technologies is already aware that to accomplish these goals, below conditions have to be met;
- 1. Having highly qualified human resources; as the real base for “innovation”
- 2. Establishing effective Information Technology Processes for Product Development and Systems Management
3. Using “Information” and “Technology” effectively and efficiently
Projects Management Office
MKK projects that have been developed in compliance with MKK’s dynamic and innovative vision are managed and coordinated with using newest technologies and up to date project management techniques as well as presenting utmost team work by the Project Management Office.
In MKK, human resources are regarded as the core of Information Technologies and the aim is, not only using human resources for only performing business as usual processes (Run MKK), but also changing Turkish Financial Market and taking it one step ahead by developing and executing value added projects in parallel with MKK’s vision and strategy.
As a part of project management methodology, for all projects that are either “in progress” or “not yet started”, daily (scrum) and weekly progress meetings (PPM) are organized to give direction to project teams, as well as monthly “PSC” meetings, which are used for providing regular updates to senior management and discuss latest status and milestones.
Software and System Development
“Systems Design” and “Systems Development” are performed under a multi layered architecture framework for the projects that are in progress. During the development of Central Depository System, the software has been designed and developed to be a web based Java application, compatible with a 3-layered architecture, and have ORACLE database. Business logic applications run on application servers that are designed between presentation layer and data management layer without making any changes on the database. Requests coming from different channels for Central Depository System screens, MKK-web Investor, E-Governance Portal or IVR, are transmitted to application layer by the help of an SOA (Service Oriented Architecture) based web application. By adopting this structure, a trustworthy, scalable and manageable architecture is aimed. Furthermore, by the help of logical decomposition of application components, repetitive usage of decomposed application components in software’s life cycle is also accomplished.
Processes and procedures for Version Management System are prepared to meet global standards; by the help of integration of SVN, Ant, Maven, Jenkins, Apache Archiva and Jira applications, a “Continuous Integration” based version management system infrastructure was maintained. Therefore, for in house developed applications (in MKK), packaging and deployment processes became automated, and new versions have been developed in 70% shorter time with minimized bugs.
Central Registry System Software
Having awarded with the “Award of merit” at the 7th Technology Conference by TUBITAK (Scientific and Technological Research Council of Turkey) - TUSIAD (Turkish Industrialists’ and Businessmen’s Association) – TTGV (Technology Development Foundation of Turkey), Central Depository System design started in late 2003 and system set-up and software development phases were all managed in house by only using national resources.
By building a multi-layered, service-oriented J2EE architecture in software development phase and system and security design phases, an open, flexible, manageable and maintainable (with minimum costs) structure is established. During system development phase, security issues were much prioritized since the data kept on the database is extremely important.
One of the core components of security related issues is giving the users the ability to perform operations only by using their electronic signature cards, which are maintained based on their access rights and entitlement profiles. For any operations performed by the users, system performs signature verification and the operations are signed electronically.
Together with Institutions Integration project, an “SOA based integration infrastructure” has been established by taking security and performance criteria into consideration to provide online integration to external systems. Providing Central Depository System services through web services to “service demanding” external organizations, is also under the scope of the project that was put into service in 2011.
As of today, integration with Takasbank, Revenue Administration (Institution), MERNIS, Public Disclosure Platform, e-Government, Electronic Certificate Service providers, intermediary institutions and banks has been established through various channels. As per requests of MKK members, CDS applications are promptly added under institutions integration. A total of 13 services (Account Opening, ID Matching, Investor Creation and Inquiry, Investor Information Update, Address Update, Balance Inquiry, Message Inquiry, GDS Transactions, GDS Depot Transfer, Mutual Funds Transactions, Proxy Identification, Update and Cancellation) are currently offered to intermediary institutions, as well as performing user acceptance tests and developing new enhancements.
e-MKK Information Portal
As a result of e-MKK Information Portal; internet portal, corporate content and document management system and Enterprise Service Bus (ESB) systems (as the integration layer) have been set up, related enhancements have been completed for the applications (that are going to run on this layer) and the project went live with the integration of ID verification and security components working in an integrated manner. By the help of the integration, it is possible to log in to e-MKK Information Portal and benefit from the services after defining entitlement profiles from e-Government application.
Process Improvement and Capability Maturity Model Integration
Based on the internationally accepted models and standards, application development projects can be completed by having highest quality results with the most feasible costs and still remaining within planned timeline. Capability Maturity Model Integration (CMMI) is one of the most popular models, providing best practices to application developing institutions on Project Management, Requirement Specification, Development, Change Management, Process Improvement, and Support and Maintenance areas. In order to improve information technologies processes, CMMI level 3 eligibility efforts are in progress and internal audits on information technologies have been conducted in accordance with CMMI standards.
As Information Technologies gain more and more importance in our business lives, it became inevitable for institutions to have alternative strategies to maintain business continuity, prevent data losses and act promptly and flexibly when faced with unexpected circumstances. To maintain and strengthen continuity and reliability of critical services provided by MKK, Business Continuity Management System efforts are in progress under the scope of BS 25999 standards. Business Continuity tests are performed annually with the participation of all participants and Business Continuity Center infrastructure is also under continuous improvement.
Technology Services are subject to increasing number and types of external
threats, as they become more integrated and easy to reach. MKK, being aware of
the importance and priority of information security, established a risk
management model to minimize the deteriorative effects of a possible attack
(with cyber attack) at its assets and processes. Exposable threats and
weaknesses are being evaluated continuously, risk values are being assessed,
and risk management precautions are being taken accordingly.
MKK’s Information Security Management System works compatible with ISO/IEC
27001:2013 Information Security Management System and has been internationally
Service Management and Tracking
In order to prevent MKK data center systems from being interrupted and react promptly when confronted with a problem, automated critical system components monitoring is adopted. By the help of single-point monitoring of Information Technologies processes, it is possible to detect, manage and report problems before exceeding threshold values, and thus increase service level quality.
“Call and Problem Management” is performed by the Help Desk that offers services in compliance with “ITIL” processes. “Change and Configuration Management” processes and “system components” are also designed and managed in parallel with ITIL processes and under a well-established discipline.
Developments in “virtualization technologies” are also being followed closely. In this context, virtualization and consolidation processes of many servers in various segments have been completed and an effective server management process has been established.