Conformity assessment of information systems and business processes of MS of Rus Bank

By JSC MS Bank Rus (till 2014 Capital-Moskva bank) it was founded in 1994. Initially activity of bank was generally concentrated in the field of development financing of the enterprises of automobile business. Since April, 2014 JSC MS Bank Rus diversified the activity and opened the program, joint with Mitsubishi Corporation, for individuals for preferential crediting upon purchase of the Mitsubishi cars. Today the bank has 12 own operational offices in Moscow and St. Petersburg and also network of the operational nodes located in all dealer centers Mitsubishi in all territory of Russia. The head office JSC MS Bank Rus is in Moscow.

For implementation of primary activity the bank uses a number of the information systems (IS) performing including, automation of the transactions connected with money transfer within national payment system. This process is regulated by Regulations of Bank of Russia No. 382-P on requirements to ensuring data protection at implementation of money transfers and about a procedure the Bank of Russia of control of observance of requirements to ensuring data protection at implementation of money transfers.

For the purpose of reduction of the IC in compliance to requirements of this provision of JSC MS Bank Rus initiated assessment works of compliance of all complex of information systems and business processes of bank, including:

• The inspection of information infrastructure including development of recommendations about reduction in compliance to requirements of Provision No. 382-P for data protection at implementation of money transfers.
• Final conformity assessment to requirements of Provision No. 382-P.

The contractor on project implementation was selected on the basis of the held competition based on which "nuclear heating plant" became it, having offered the best terms and having completely fulfilled qualification requirements of tender.

Accomplishment of all complex of works took 2 months, and the project covered all points of presence of bank at the time of its accomplishment, including head office. In process the following tasks were solved:

Inspection of objects and business processes, collecting of an original informatin, analysis of the current situation:

• Determination of the IC list, participating in money transfer, their subsequent inspection.
• The analysis died on security, including physical and information security.
• Determination of the divisions and officials participating in money transfer, their roles, functions and responsibility.
• Collection of information about the business processes connected with money transfer, their functional parameters.
• Studying of a status of organizational and administrative documentation.
• Determination of the current level of compliance to requirements of Provision No. 382-P.

Development of recommendations about increase in level of compliance to requirements of Provision No. 382-P, including:

• The analytical report about a preliminary estimate of compliance to requirements.
• Offers on all package of measures, stages of development of a system of information security support.
• Recommendations about priority actions about achievement of compliance of level of information security.

Report generation about conformity assessment of a system of information security support of bank to requirements of Provision of the Bank of Russia No. 382-P.

Sergienko Inna, Head of complex information security support of AST Ltd: "For JSC MS Bank Rus at the time of their address it was important to execute the standards of the Bank of Russia which appeared then without delay. The client estimated all importance and importance of these measures "in the forefront". We carried out works based on which we not only could close completely this question, but also designated important steps on improvement of means of cybersecurity of bank that for it is one of the stated reference points".

As a result of implementation of priority actions on achievement of compliance of level of information security the value of total increased with 0.21 (unsatisfactorily) up to 0.72 (well).