Security Vision has introduced a compliance system at Tinkoff

2023: Implementation of Security Vision Security Governance, Risk Management and Compliance

Security Vision has implemented the Security Vision Security Governance, Risk Management and Compliance (SGRC) regulatory reference system at Tinkoff. It was used to manage compliance with regulatory requirements, including the provisions of the Bank of Russia and PCI DSS, as well as to automate internal bank audit processes. Security Vision announced this on December 27, 2023.

During the work, Security Vision specialists, in close cooperation with the Tinkoff Information Security Department, implemented mechanisms for adding new requirements and documents of regulators, revising internal documents, collecting evidence of compliance with regulatory requirements, as well as internal standards of the bank. Two-way integration of Security Vision SGRC with the Tinkoff ticket system has been established. The vendor's specialists also helped to correlate the requirements of various standards.

The implementation of Security Vision SGRC allows you to improve the process of monitoring compliance with the requirements of international and domestic standards and regulatory documents in the field of cybersecurity. The system helps to increase the level of compliance, see the relationship of standards with each other, and also have at its disposal up-to-date information on the procedures that need to be implemented to ensure compliance with each requirement, said Roman Ovchinnikov, head of execution at Security Vision.

For Tinkoff, it is important not only to ensure the safety of all systems and compliance with both our high requirements and the recommendations of regulators, but also to organize the work as efficiently as possible. For internal banking systems, we apply the same approach as for client services from the point of view of UX - convenience, seamless, so that employees are as comfortable as possible to use them. To do this, we attract both domestic developers and the best market players who use world and Russian solutions. Thanks to the refinement, it was possible to set up internal audit processes and simplify control over compliance with the requirements of the regulator, noted Anton Kryukov, head of the methodology department of the information security department of Tinkoff.