"The technical Center Internet" received the certificate on compliance of systems and processes to the ISO/IEC 27001 standard

AMT Group and Technical Center Internet Ltd announced completion of works on system implementation of information security management (SUIB), conforming to requirements of the international standard ISO/IEC 27001. The corresponding press release is published on January 28, 2013.

Solution

"Security and safety of the processed data is one of the most important aspects of functioning of registers of the domains RU. Russian Federation and. SU, all Russian system of domain registration. We bear direct responsibility to clients for safety of the confidential information processed by us and for this reason the decision to create a single system of information security management was made. AMT Group has wide experience of implementation of such systems, it perfectly proved in the market, and we are happy with our cooperation", - the deputy CEO of TTsI Ltd Marina Nikerova noted.

Details

Works on implementation of SUIB are performed within four main stages. At the initial stage of the project specialists of AMT Group inspected key business processes and carried out inventory of assets of TTsI. Audit of cybersecurity on compliance to requirements of the ISO/IEC 27001 standard is booked.

Within the second stage, on the basis of the acquired information about the value of data assets, assessment works of risks of cybersecurity are performed.

During the third stage specialists of AMT Group designed management processes and providing Information Security, defined roles, duties of staff of TTsI within SUIB, offered control mechanisms for processing of risks of cybersecurity, their decrease to acceptable level.

The fourth stage implements implementation of the developed management processes of SUIB together with the staff of TTsI, including the training program and increase in awareness of personnel in the field of cybersecurity.

"Implementation of SUIB according to the ISO/IEC 27001 standard will allow to give to our clients and partners a guarantee not only quality services, but also high degree of security of their information", - the head of department of information security of TTsI Valery Temnikov noted.

Further in Technical Center Internet Ltd carrying out certification audit is planned.

"The main objective of AMT Group was creation of effective risk-oriented management model of the cybersecurity promoting achievement of business objectives of TTsI, - Dmitry Markin, the head of department of audit and consulting of Cybersecurity Department of AMT Group told. – Making use of the accumulated experience, specialists of AMT Group solved this problem by establishment of interrelation of processes and subsystems of cybersecurity, distribution of responsibility for ensuring data protection between divisions of TTsI and their partners and also granting tools (risks assessment of cybersecurity, calculation of metrics of efficiency, etc.) for ensuring continuous improvement of SUIB".

Project Development

On September 23, 2014 the Technical Center Internet company announced certification of the information security management system (ISMS) on compliance to requirements of the ISO/IEC 27001 standard.

Works in the project were performed by AMT Group company. Certification audit is booked by representative office of British Standards Institute.

Certification there underwent the processes which are directly connected with primary activity of the company: development and service of the Main register and recording system of domains. RU. Russian Federation. SU. CHILDREN. TATAR. MOSCOW and. MOSKVA, ensuring smooth operation of domain addressing of the Russian segment of the Internet on the global area network.

Works on reduction of SUIB TTSI in compliance to requirements of the ISO/IEC 27001 standard were conducted since 2012. The main layer of works on implementation of the standard is implemented at the beginning of 2013 then processes of SUIB began to function in full. A year later from this point there passed the first cycle of work of all processes of SUIB, and the management of TTsI made the decision to begin preparation for certification. Specialists of AMT Group booked inspection audit based on which conclusions are drawn on achievement of the high levels of a maturity and readiness of TTsI for passing of certification audit.

The certificate of conformity is received according to the ISO/IEC 27001:2005 standard.

"The main part of works on implementation of the standard is carried out to a release of its new version in 2013 therefore the decision to be certified according to 2005 was made — Valery Temnikov, the head of department of information security of TTsI told. — Process of transition to the new version already is well under way. Certification assumes periodic carrying out inspection audit from BSI for confirmation of conformity, the next audit is planned for 2015. By this moment it is going to finish fully transition to the new version".

"The data security and systems is one of the most important aspects of normal functioning of registers of domains and all Russian system of domain registration. We bear direct responsibility for it — Alexey Platonov, the CEO of TTsI emphasized. — The complexity and complexity of systems continuously grows, the quantity and a variety of threats grows. In this situation providing Information Security should be perceived as the "continuous process" integrated into corporate management model. For implementation of this process approach we decided to use the international standard ISO/IEC 27001. Certification allowed us to confirm the reached level of a maturity of processes of cybersecurity from independent and the BSI authoritative organization. For us this new confirmation of successful strategy implementation of TTsI in the field of cybersecurity".

"From the very beginning of the project there was an effective objective finally to come for independent certification. For the last two years we observed continuous increase in a maturity of processes of SUIB. At the moment we can say that effective objectives and tasks are reached" — Sergey Terekhov, the leading consultant of AMT Group directing works on implementation of the standard noted.