Customers: Renaissance Credit Moscow; Financial Services, Investments and Auditing
Contractors: DialogNauka
Product: Projects of external audit of IT and security (including PCI DSS and SUIB)
Project date: 2015/03 - 2015/09
DialogNauka, a system integrator in the information security field, completed in the summer of 2015 an assessment of compliance with the requirements of Bank of Russia Provision No. 382-P and also carried out an audit of the information security system of CB Renessans. As a result of the assessment, a positive conclusion was issued on the bank's fulfillment of the requirements for data protection in money transfers, and a list of recommendations for possible improvement of the bank's information security systems was prepared.
CB Renessans is a financial and credit institution whose policy is based on following the new information and banking technologies of the 21st century, implementing the most modern and relevant banking services, and improving the business processes performed with the bank's direct participation. The bank's loan portfolio as of January 1, 2015 was 6.08 billion rubles. CB Renessans is a participant in the "Integrated Settlement System", which has more than 45,000 customer service points. The bank has been a member of the compulsory deposit insurance system since September 2005.
Compliance with legislation on data protection and the security of banking operations is a mandatory condition for carrying out banking activity in the Russian Federation. To improve the state of the bank's information security and to verify compliance with the regulator's requirements, CB Renessans decided to engage a company with the knowledge and resources needed to assess the conformity of its information security system with the requirements of the Bank of Russia standard and Bank of Russia Provision 382-P.
After a detailed review of the proposals of information security market participants, their competences and recommendations, CB Renessans selected DialogNauka as the contractor for the project to assess conformity with the requirements of Bank of Russia Provision No. 382-P and to carry out a cybersecurity audit.
The main tasks set for the specialists of JSC DialogNauka were to carry out an independent, objective assessment of the bank's fulfillment of the data protection requirements that Provision 382-P sets for money transfers, and to perform an instrumental check of the reliability of the information security system of CB Renessans.
In agreement with the customer, the project was divided into 5 main stages:
- preparation for the conformity assessment;
- documentary check;
- collection of conformity assessment evidence;
- conformity assessment and preparation of reporting materials;
- audit of the information security system.
Preparing the bank for the assessment of conformity with the 382-P requirements was the first step: together with the customer, the structure and procedure of the assessment were defined, and a list was drawn up of documents that can serve as sources of evidence that the requirements for data protection in money transfers are fulfilled.
The next step was the analysis of the documents provided by CB Renessans against the conformity assessment criteria. Based on the results of the analysis, evidence of conformity with Provision 382-P was collected, documented and checked for reliability as part of this work, and a plan for the on-site conformity assessment was developed.
Next, at the stage of collecting conformity assessment evidence, the JSC DialogNauka team calculated the various indicators that define the degree to which data protection in money transfers complies with the requirements of Provision 382-P, produced the reporting materials, and submitted recommendations for improving data protection in money transfers.
In the information security audit of CB Renessans, instrumental security analysis was used to detect technical vulnerabilities and errors in hardware and software. As a result of the audit, a report was prepared containing the results of the instrumental analysis of the customer's corporate network, an assessment of the existing cybersecurity processes, and recommendations for improving the information security processes. On completion of the full list of works, DialogNauka issued CB Renessans a positive conclusion on the full compliance of the security of the bank's information systems with Provision 382-P.