DialogNauka assessed the compliance of Krayinvestbank's IT systems with Bank of Russia requirements
Customers: Krayinvestbank (Krasnodar Regional Investment Bank), Krasnodar; Financial services, investments and audit
Contractors: DialogNauka
Product: External IT and security audit projects (including PCI DSS and SUIB)
Project date: 2017/12 - 2017/02
DialogNauka, a system integrator in the information security field, announced in March 2018 the completion of a project on fulfillment of the requirements of Bank of Russia Provision No. 382-P at Krasnodar Regional Investment Bank.
Tasks
Compliance with legislation on data protection (DP) and on the security of banking operations is mandatory for conducting banking activity in the Russian Federation. To improve the state of the bank's information security and to verify compliance with the regulator's requirements, Krayinvestbank decided to engage a company with the necessary competence to assess the conformity of its information security system with the requirements of the Bank of Russia standard and Bank of Russia Provision 382-P.
DialogNauka's specialists were tasked with carrying out an independent, objective assessment of how the bank fulfills the data protection requirements that Provision 382-P sets for money transfers.
Project Progress
The following services were provided within the project:
- preparation for the compliance assessment;
- documentary check;
- collection of evidence for the conformity assessment;
- conformity assessment and preparation of reporting materials.
At the first stage, while preparing the bank for the assessment of compliance with the requirements of Provision 382-P, DialogNauka and the customer's specialists jointly defined the structure and procedure of the assessment and drew up the list of documents that can serve as sources of evidence that the data protection requirements for money transfers are fulfilled.
Next, the documents provided by Krayinvestbank were analyzed in order to assess the fulfillment of individual requirements. Based on the results of this analysis, a plan for the on-site compliance assessment was developed.
At the evidence-gathering stage, DialogNauka's consultants collected, documented and verified the reliability of evidence that the bank carries out activities to ensure data protection for money transfers. They also calculated various quantitative indicators of the current level of data protection and identified the discrepancies that determine the degree to which data protection for money transfers complies with the requirements of Provision 382-P.
The compliance assessment used generalizing indicators that characterize the bank's fulfillment of the Provision 382-P requirements for data protection in money transfers.
Project Results
Based on the assessment, reporting materials were prepared, and a conclusion and recommendations on optimizing the information security system for money transfers were submitted.
"With the help of DialogNauka's consultants, we checked the compliance of our information systems with the requirements of Provision No. 382-P and received a positive assessment of the state of information security at our bank," Alexander Sinitsyn, head of the information security department of Krayinvestbank's Department of Security, commented on the project results.