Translated by

Informzashita prepared " " for passing of the international audit

Customers: Yandex. Yandex.Cloud

Moscow; Information technologies

Contractors: Informzashita, BSI Group
Product: Projects of external audit of IT and security (in tch PCI DSS and SUIB)

Project date: 2019/07  - 2020/01

2020: Preparation and passing of audit on compliance to requirements of ISO/IEC 27017:2015 and ISO/IEC 27018:2019

On February 13, 2020 the company "Informzashita" announced preparation "Yandex. Cloud" to passing of audit on compliance to requirements of the international regulating documents that is confirmed by the independent auditor British institute of standards (BSI Group). Thus YandexCloud, "." – the first public platform in Russia and the CIS, providing security of information on ISO standard/IEC 27017:2015 and personal data protection users according to the international standard ISO/IEC 27018:2019.

Any Company which provides to the clients hi-tech services is faced the need not only providing the high level of information security, but also demonstration of this level with a clear and indisputable image. The confirmed platform security level " " and compliance to international standards of security, including statutory requirements 152-FZ, are especially important for the companies which are going to use a public cloud for increase in fault tolerance of the IT systems. The security of a public cloud platform is the main selection term of service provider at transfer of IT infrastructure of the company in Cloud. If the public cloud is used for the intellectual analysis and processing of corporate data, compliance to international standards of information security support becomes critically necessary. Compliance to standards of ISO/IEC series 270xx also means the voluntary obligation of the platform to provide transparency to data and content for the users.

Our purpose – to provide the security level of transactions with data in "" at much higher level, than the average level of security of own infrastructure of the large companies. Only this way Cloud can meet customer expectations which trust us data and processes of the business,
told Oleg Koverznev, the director of business development ""

The measures taken by company for privacy protection of these clients including from the staff of the company and also for reliability assurance and the continuity of work of systems and services, not only satisfy, and often even advance requirements of the most strict information security standards. The technical solutions implemented at the heart of service of strike with the maturity and thoroughness, despite comparative youth of the platform,
noted Valery Blonsky, the auditor of BSI

The command " " for the solution of this task selected not just certification on compliance to requirements of already widely known international standard ISO/IEC 27001, but also application enough young ISO/IEC 27017 and ISO/IEC 27018 standards which contain expanded sets of best practices in the field of data protection, specific to cloud service providers and for personal data processing,
told the technical director of the company Informzashita Vyacheslav Maximov