CB Natsionalny standart protected personal data

The DataSecurity Technologies company completed the first stage of the complex project on reduction of a system of information security support of National Standard bank in compliance to requirements of service station of BR IBBS.

Results of activity of the Central Bank of the Russian Federation and bank community on harmonization of the industry legislation on information security - the Complex of documents BR IBBS with Federal law No. 152-FZ "About personal data" - allowed banks to look at a perspective of processing and personal data protection in a new way.

The new version of the bank standard on information security approved with regulators in the field of personal data will help banks to build the viable system of information security support considering specifics of banking activity and the requirement of FZ-152.

The complex project implemented in "The national standard" will allow to bring at the same time the system of providing Information Security of bank into accord to both the standard of the Bank of Russia, and requirements of the legislation for personal data. It should be noted that the project started at the initiative of the management of bank to an official approval of documents of the BR IBBS series in the new edition that corresponded to the recommendations of the Central Bank of the Russian Federation and councils of experts, and made possible end of the first and most difficult stage until the end of the year.

Successfully completed stage of the project allowed:

• carry out inventory of all data assets of bank which are subject to protection;
• select personal data information systems (ISPDN);
• reveal the existing discrepancies to the standard of service station of BR IBBS;
• develop recommendations about elimination of the detected discrepancies and vulnerabilities of a system of providing Information Security;
• develop a packet of internal documentation on information security of bank (politicians, regulations, instructions, etc.);
• regulate an information security management system in bank;
• bring processing of personal data into accord with the law.

Results of the carried-out works also became a basis for implementation of the next stages of the project, the most important of which is the choice and implementation of the technical solutions allowing to provide a full compliance to the industry and Federal legislation.

Summing up the results of the 1st stage of the project, Ovchinnikov Denis, the head of department of information and economic safety of National Standard bank, notes: "The completed stage of the planned complex project was, undoubtedly, of exclusive importance as laid the foundation to creation of a new information security system of bank – the system capable not only to solve the practical problems assigned to it, but also to meet all modern requirements including to legal acts of the Russian Federation".

The chief executive of the Sponge company DataSecurity Technologies Oleg, telling about the project course, emphasizes importance of the constructive approach: "Success practically of any project in the field of information security in many respects depends on efficiency of interaction both the customer with the contractor, and involved in the project of divisions of the customer among themselves. In this respect the project in National Standard bank can be a good example for mid-sized and small Russian banks in respect of the organization of works, interest of employees and their aiming at the general success. I do not doubt that at such approach to case the final result of the project will meet completely expectations of all concerned parties".