Information security management system for retail chain stores of Eldorado

Jet Infosystems and Eldorado companies held in July, 2011 a joint press conference at which main objectives and results of creation and certifications of an information security management system of Eldorado were provided.

As customer representatives explained, implementation of SUIB was caused first of all by awareness of high responsibility of management to shareholders, partners and buyers for safety of the private information circulating in a corporate IT system of the company. Besides, the task of fulfillment of requirements of the law "About Personal Data" was set. As for voluntary certification on compliance to criteria of ISO 27001, this act should provide Eldorado additional competitive advantages — it will be simpler to company to interact with suppliers, insurance and financial institutions, business partners.

The certificate after all ensuring real safety of business processes became the certificate, but a main goal of creation of a system, the manager on information security of Eldorado Konstantin Korotnev emphasizes. The project allowed to structure accurately processes of providing and information security management and to increase their transparency for users. According to Korotnev, the system now built covers about a third of critical business processes of the company, including the loyalty program of clients, major for the enterprise.

How there took place process of creation of this system, Anna Kostina, the head of group of information security management systems told journalists Jet Infosystems. At first specialists of the company conducted examination of the current situation in Eldorado to understand in what degree its information security system conforms to requirements of ISO 27001 and law No. 152-FZ. At the same stage borders of distribution of the business processes included in a scope of future SUIB were defined. Primary audit also included testing of a corporate information system for existence of vulnerabilities. Based on this work recommendations about upgrade of the existing protective equipment of Eldorado and improvement of a number of the processes connected with information security support and personal data processing were prepared.

The second project stage included development of safety management processes, obligatory in terms of certification, inventory of assets, risks assessment of loss or a compromise of data. At the same time were developed and implemented required by ISO of policy and the procedure, the explanation to the staff of Eldorado of new requirements for respect for information security was conducted. Then specialists from Jet Infosystems and Eldorado jointly started the first cycle of processes of SUIB. Independent assessment of the constructed system representatives of British Standards Institute (BSI) became the completing accord.

According to Evgeny Akimov, the associate director of Information Security Center Jet Infosystems, benefits from creation and certification of SUIB are obvious to the customer: it and cost optimization on information security, and increase in the international ratings and also the facilitated entry into the world market and value increase of the company at merges (it was confirmed, in particular, in practice at consolidation of ROSNO with Allianz). By the way, the Jet Infosystems company executed already 20 projects in the field of IT security on the basis of the provisions ISO 27001, but the contract with Eldorado was its first project in a retail segment.

• Source of OSP