"Meditsina" brought its IT system into compliance with the requirements of the international standard
Customers: Meditsina, JSC
Contractors: DialogNauka
Product: Projects of external audit of IT and security (including PCI DSS and ISMS)
Project date: 2012/04 - 2013/12
To carry out a comprehensive project addressing personal data protection at JSC Meditsina, the decision was made to engage an external organization. After an analysis of the offers and services of suppliers specializing in information security, the DialogNauka company was selected. Not only the financial terms of the offers were considered: information about the companies providing personal data protection services, including their reputation, licenses from the state regulators, recommendations and experience with similar work, was also analyzed in detail.
The project to create a system for protecting the personal data of employees and patients of JSC Meditsina included the following work:
- engineering design of a personal data protection system in accordance with the provisions of the Federal Law "About Personal Data" and the requirements of regulatory documents;
- delivery of information security tools based on the results of the engineering design;
- implementation of information security tools based on the results of the engineering design;
- conformity assessment of the personal data system against the information security regulatory documents of FSTEC of Russia.
"All work within this large-scale project was performed by specialists of the DialogNauka company with high quality. Certification of the personal data information system of JSC Meditsina for compliance with information security requirements was carried out within the terms set by the agreement, which made it possible to bring the information structure into full compliance with the requirements of the Federal Law "About Personal Data"," says Fedor Kidalov, director of the information technology service of JSC Meditsina.
Project Development
On December 26, 2013, it became known that the DialogNauka company had completed an audit of the data storage security systems of the Meditsina clinic for compliance with the requirements of the international standard ISO/IEC 27001:2005 "Information technology. Security techniques. Information security management systems. Requirements".
"It is a great honor for our company to work with the Meditsina clinic, and we are grateful for the trust placed in us," noted Victor Serdyuk, CEO of DialogNauka Ltd. "The project to develop and prepare the information security management system of JSC Meditsina for certification against the requirements of the ISO/IEC 27001:2005 standard was multi-stage. We managed to carry it out in the shortest possible time and at the proper level of quality thanks to the joint work of our company's specialists and the staff of JSC Meditsina."
The ISO/IEC 27001:2005 standard defines the requirements for establishing a documented information security management system in an organization. Such a system meets the goals and objectives of the organization, takes into account the specifics of its activity, and ensures the implementation of adequate and proportionate measures to protect the information security of the company's assets.
"Data protection is one of our priority tasks," emphasized Fedor Kidalov, director of the information technology service of JSC Meditsina. "And the creation of an end-to-end information security management system in accordance with the recommendations of the international standard ISO/IEC 27001:2005 allowed the clinic to minimize possible risks in this area."