Customers: LOCO-Bank Moscow; Financial Services, Investments and Auditing
Contractors: Jet Infosystems
Product: IT and Security External Audit Projects (PCI DSS and ISMS)
Project date: 2020/07 - 2023/08
2023: Infrastructure IT Audit
Specialists of Jet Infosystems completed a comprehensive assessment of JSC LOCO-Bank for compliance with the requirements of Bank of Russia Regulations No. 719-P, 683-P and 802-P in the field of information security. The audit confirmed a high degree of the bank's compliance with the strict regulations in this area. This was reported to Jet Infosystems on September 27, 2023.
Every two years, credit institutions must conduct independent information security audits to evaluate the protection measures they have implemented. The requirements of Bank of Russia Regulations No. 719-P, 802-P and 683-P are aimed at protecting information during banking operations and vary depending on the role the organization performs in the financial ecosystem (for example, a money transfer operator). The results of such audits should be submitted to the Bank of Russia.
"The financial industry is still in the focus of the attackers' attention, so the bank needs to constantly maintain information security processes in order to prevent negative events, for example, theft of funds from customer accounts. When building a protection system, we take into account not only best practices, but also, first of all, the requirements of regulators in the field of information security. The professional and systematic work of our team has led to a positive result," explained Ilya Kostenkov, Head of the Information Security Service of Loko-Bank.
Specialists of the IT company Jet Infosystems completed a comprehensive project that included analysis of a large body of information security documentation, interviews with specialists from the IT and information security divisions, assessment of the compliance of the main banking business systems and the bank's IT infrastructure with regulatory requirements, penetration testing, and preparation of a report on the project results in the form established by the Bank of Russia. In addition, based on the results of the audit, Jet Infosystems calculated indicators not only according to the GOST R 57580 standard, but also under Bank of Russia Regulations No. 719-P, 802-P and 683-P.
"For the bank, this audit is not new, since it has already been conducted. The review of the last audit conducted by Loko-Bank has done a great job in terms of elimination of previously identified non-conformities and implementation, in accordance with the requirements of the standard GOST R 57580.1-2017, of the necessary security subsystems. Based on the audit results, it can be concluded that compliance with the Bank of Russia's information security requirements is an integral part of the development strategy of the audited organization," said Pavel Novozhilov, head of the information security compliance audit department of Jet Infosystems.
The Jet Infosystems team also conducted an audit of the current state of information security: it assessed the maturity of information security processes, the effectiveness of information protection tools, and the personnel and methodological components of information security. The result of the work was a three-year information security development strategy, which defines the target information security (IS) level; a phased plan for achieving it has also been prepared. A feature of the developed strategy is its emphasis on compliance with the requirements of Bank of Russia regulations, which will make it possible not only to comply with the requirements of the regulator, but also to increase real security.
2020: IT audit of Loko-Bank's infrastructure
On September 29, 2020, Jet Infosystems announced that it had conducted an IT audit of Loko-Bank's infrastructure. As a result, IT infrastructure development points were identified and further optimization steps were proposed, which are expected to help the bank reduce IT equipment maintenance costs by 30% and simplify the management of IT infrastructure as a whole.
To assess how the IT infrastructure meets these goals and will be able to support the development of the bank in the next three years, the Jet Infosystems team performed a large-scale IT audit: more than 100 pieces of equipment were in focus.
The IT experts investigated the computing complexes, data storage systems (DSS) and storage area network (SAN) in three data centers. The bank has implemented the concept of disaster tolerance, so its actual implementation was assessed separately: the organization of interaction between sites, the processes for handling failures and the use of practices in this area. In addition, the specialists examined the process of maintaining the IT infrastructure by studying the documents and conducting interviews with representatives of the bank's IT and business areas. The main criteria for assessing Loko-Bank's IT infrastructure were reliability, performance, scalability and optimality of IT costs to ensure the necessary indicators of service quality.
As a result of the analysis, experts from Jet Infosystems identified the strengths of the bank's IT infrastructure, and also identified technological risks. Based on this information, the bank was offered recommendations for optimizing its IT infrastructure and achieving a state that meets current and future business requirements.
"Our bank is focused on massive development, so before we set foot on a path of change, we wanted to make sure we were fundamentally prepared for that from the IT side. The initiative comes from the shareholders of Loko-Bank, and audits followed by the preparation of development programs are an ongoing practice. This helps the organization to be effective. Evaluating the IT infrastructure through the prism of present and future business goals is a difficult task. The Jet Infosystems team meticulously analyzed the state of 'as is,' and then was able to rise above the details and propose changes to the IT infrastructure that will prepare it for the challenges of tomorrow," said Rinat Galiyanov, Advisor to the Chairman of the Management Board of Loko-Bank. "As a result, we received a roadmap for projects based on optimal solutions in terms of cost and have already begun to implement them."
In particular, the bank supported the initiative to consolidate its data storage systems (DSS) and distribute data across separate storage tiers in accordance with their availability and performance requirements. This will increase Loko-Bank's readiness for the emergence of new business systems that support the launch of new banking products on the market, reduce payments for technical support of outdated equipment, rack space rental, cooling and energy consumption, and increase the efficiency of using IT resources.
Jet Infosystems experts proposed optimization steps for all blocks of the bank's IT infrastructure. For example, the amount of server hardware required by the bank was reduced by a factor of three, and DSS by half. It was also possible to reduce the cost of supporting network equipment by optimizing its structure.
"Our experience of complex projects helped to achieve results in two directions at once: to connect the state of the IT infrastructure with the business goals of the future and, at the same time, to gain savings for the customer, simplify management," said Natalya Berebneva, business development manager at Jet Infosystems. "This was achieved thanks to the support of both IT managers and businesses. They showed a deep interest in IT auditing and an understanding of the importance of IT infrastructure at the heart of the bank's services."