JSC Meditsina confirmed compliance of an information security management system on ISO/IEC 27001:2005

The JSC Meditsina clinic confirmed compliance of the information security management system (ISMS) to requirements of the international standard ISO/IEC 27001:2005 "to Information technology. Security techniques. Information security management systems. Requirements is Information technologies. Security methods.

Information security management systems. Requirements". For summer of 2014 of JSC Meditsina – the only thing in Russia and the CIS countries the medical institution having the international certificate of compliance to requirements of this standard.

Auditors of BSI Russia (British Standards Institution – British Standards Institute) carried out the selective assessment of elements of field of registration of SUIB of Meditsina clinic. Inspection audit showed that the information security management system of Meditsina clinic reliably resists to external and internal threats, develops in the field of management processes and is capable to maintain compliance to rates of development of these processes and to their direction.

Audit area was the documentary management system stated to compliance to requirements of the ISO/IEC 27001:2005 Standard.

"Presence of the certificate of conformity of ISO27001:2005 at Meditsina clinic speaks about the high level of reliability of the company which is provided thanks to the high degree of protection of the information which is stored, processed and transferred within an information system including information on patients, customers, partners and suppliers", - the information security engineer of Meditsina clinic Sergey Smolin says.

ISO/IEC 27001:2005 standard "Information technology. Security techniques. Information security management systems. Requirements is Information technologies. Security methods. Information security management systems. Requirements" it is developed by International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It represents the list of requirements to an information security management system, defines the purposes and control facilities allowing to support it up to standard in the context of the existing business risks.

The assessment of an information security management system is carried out annually, the next visit of auditors to Meditsina clinic is planned for July, 2015.