Platformix conducted a survey of Sogaz-Life information systems

2024: Information Systems Audit

Platformix conducted a survey of Sogaz-Life information systems. Platformix announced this on November 7, 2024.

The project provided the insurance company with the opportunity to bring resources in line with the requirements of the Bank of Russia to protect information.

According to clause 1.4 of the Bank of Russia 757-P Regulations, information protection in information systems of a non-bank financial institution must comply with the requirements of GOST R 57580.1-2017. A third-party organization licensed by FSTEC of Russia has the right to assess the company's compliance with these requirements.

At the first stage, the integrator team tested the customer's penetration systems and conducted an information security audit. In particular, interviews with employees were conducted, organizational and administrative documents, settings of application and system software, cryptographic information protection tools and IPS were analyzed. After that, Platformix experts developed a roadmap for SOGAZ-LIFE and recommendations for modernizing information security systems. Platformix experts also assisted in setting up and piloting various information protection tools. At the end of the project, a repeated information security audit was carried out, as a result of which the insurance company received a report with the results of assessing the compliance of the protection of information of SOGAZ-LIFE with the requirements of the Central Bank of the Russian Federation dated April 20, 2021 No. 757-P and GOST R 57580.1-2017, with the conclusion that the insurance company achieved the 4th level of compliance.

In the course of its work, the insurance company deals with a large amount of data of a personal nature or related to trade secrets. Leakage of such information threatens financial and reputational risks to both us and our customers. Therefore, the security of information is extremely important for us. Cooperation with Platformix gave us the opportunity to bring information systems in full compliance with the requirements of the regulator. The Platformix team has high competencies in information security issues, thanks to which the project was successfully implemented in accordance with all agreements, said Vladimir Satsevich, head of the security group, SOGAZ-LIFE.

The insurance business is obliged to meet numerous strict information security requirements. We were glad to help SOGAZ-LIFE strengthen the security of IT infrastructure and critical nodes, confirm the high level of information security and full compliance with regulatory requirements, noted Olga Melnikova, consultant of the audit and consulting group of the information security department "Platformix."