RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
Project

Leta provided compliance ISPDN KIT Finance to requirements of the legislation of the Russian Federation

Customers: KIT Finance, JSC

St. Petersburg; Financial Services, Investments and Auditing

Contractors: Leta IT-company
Product: Projects of external audit of IT and security (in tch PCI DSS and SUIB)

Project date: 2011/11

The Leta company announced end of the complex project on reduction of personal data information systems (further ISPDN) and processing of personal data (PDN) of the broker KIT Finance in compliance to requirements of the legislation of the Russian Federation and regulating authorities.

The problem of the organization of a system of the personal data protection (SZPDN) meeting the requirements of the legislation of the Russian Federation is relevant for most the companies. Negative effects for business in case of assumption of gross violations in a question of protection of PDN can be extremely heavy up to involvement of the company to criminal, administrative or to other types of responsibility, says Leta. Creation of effectively functioning system of security of PDN on the basis of normative and methodical documents of FSTEC of Russia and FSB of Russia can become one of methods of decrease in similar risks.

KIT Finance specializes in rendering broker services for financial institutions, corporate and private investors in the stock market, bonds and terminal contracts. The company provides access of more than 20 thousand clients to biddings at the Russian exchanges. Understanding all importance of the task set for them, specialists KIT Finance stopped the choice on Leta as on the professional and proved enhanced service provider in the field of cybersecurity having a portfolio of successfully executed projects in financial credit institutions and having unique experience in area of personal data protection.

Within the project specialists of Leta had to bring ISPDN and processing of PDN "KIT Finance" into compliance to requirements of the legislation of the Russian Federation and regulating authorities, in particular: reveal cases of failure to meet requirements of the legislation in the field of processing of PDN and make the list of the actions necessary for elimination of such cases; develop a complete set of documentation necessary for the organization of processing of PDN in the company; develop different options of creation SZPDN.

The project consisted of several stages. The first — inspection and the analysis of processing of PDN. The analysis of collected information and development of reporting documentation became the next step. In particular, the personal data processed in bank were defined, selected and classified ISPDN, relevant security risks of PDN are identified (according to requirements of FSTEC of Russia and FSB of Russia).

At the final stage of the project specialists of Leta developed the KIT Finance adapted for specialists the packet of organizational and administrative documentation conforming to all requirements of the legislation and also meeting requirements of a system of documentary providing the company. Development of the outline sketch SZPDN including several versions of project solutions on implementation SZPDN became one more important final stage.

"Need of security of personal data presently — not only the requirement of the legislation, but also objective reality. Information on the person was always of great value, but today it turned into expensive goods. For this reason personal data need the most serious protection — Dmitry Dubotolkov, the head of department of information security emphasized KIT Finance. — Especially protection of PDN is important for the credit and financial organizations. For implementation of the tasks we needed the partner who could execute quickly enough all cycle of works, and at high technological level, with accurate project organization and full compliance with all legal nuances. The project showed that we did not make the wrong choice of the company contractor".
"Personal data protection is one of priority activities of Leta company today. Specialists of our company consider this task not only as fulfillment of requirements of the Russian and international legislation, but also as an opportunity to create the full-fledged system of security — Andrey Konusov, the CEO of Leta company noted. — Having accumulated considerable experience in carrying out projects on providing Information Security, our specialists developed the approach to implementation of a problem of protection of PDN. It is based on state standards, regulations and documents of regulating authorities and also on expert experience of our specialists. Thanks to detailed planning and close coordination at the level of company management KIT Finance experts of Leta managed to carry out all necessary works and to provide results in full accordance with initially certain terms and technical requirements".