The specialized depositary Infinitum underwent certification audit according to the international standard

"The specialized depositary of "INFINITUM"" and Jet Infosystems company announced on December 12, 2012 project completion on creation of the information security management system (ISMS) and passing of certification audit on compliance to requirements of the international standard ISO/IEC 27001:2005.

Objectives

"The specifics of our activity mean direct responsibility to clients for safety of the confidential information processed by us. Following the planned strategic objectives, we made the decision to construct a complete information security management system and to certify it on compliance to requirements of ISO/IEC 27001:2005. The built processes of SUIB and successful passing of certification audit are performance indicators, a guarantee of high-quality and safe data asset management for the benefit of our clients and partners", – the CIO and to technology development of JSC Specialized Depositary INFINITUM Alexander Borodin emphasized.

The Jet Infosystems company became the contractor of the project. Experts of integrator, management of IT, cybersecurity service and heads of business divisions of special depositary entered into project team.

"The choice of Jet Infosystems company is not accidental and was result of a long and careful research of the market of services in the field of cybersecurity, – the head of service cybersecurity JSC Specialized Depositary INFINITUM Vasily Stepanenko noted. – The number of successful projects, professional qualities of employees, their aiming at result and use of the approach directed to active involvement in processes of our employees – all this allowed to make a choice for benefit of Jet Infosystems company, and now it is possible to note that we did not make the wrong choice".

Solution

At the initial stage of the project specialists of Jet Infosystems company inspected a current status of cybersecurity of the customer, defined degree of its compliance to requirements of ISO/IEC 27001:2005 (GAP analysis), defined borders of a scope of SUIB. It included all main business processes of the organization among which there is a maintaining registers mutual fund, depository activity, control of investment and accounting of the property making assets of the client, etc. Upon termination of audit the report containing results of inspection and the action plan, necessary for achievement of compliance to the standard is created.

Further inventory and assessment of criticality of assets of JSC Specialized Depositary INFINITUM are carried out, the risks connected with implementation of threats of cybersecurity are analyzed and estimated. With active assistance of staff of special depositary basic processes of management (among them internal audits, management of the adjusting and warning actions, etc.) and providing Information Security are developed and implemented (backup, antivirus protection and so forth). Experts of Jet Infosystems company provided training of employees in new requirements for information security and primary start of all processes of SUIB. Complex SUIB is approved with in parallel the quality management system (QMS) created in JSC Specialized Depositary INFINITUM conforming to requirements of ISO 9001:2008.

"Creating SUIB, we were guided by the best world practices in the field of effective management of the companies and considered features of processes, regulated SMK implemented in JSC Specialized Depositary INFINITUM. The implemented systems which are built in processes of the customer visually confirm that in the company really operating management system directed to increase in level of a maturity of the company and providing high-quality services to her clients at observance of the IB due level is constructed", – Anna Kostina, the head of safety management systems of Jet Infosystems company comments.

The certification of the constructed information security management system which is carried out by BSI company became the final stage of the project.