10.08.2017

Iinformzashchita has confirmed MINBANK’s compliance with the high standards of the bank of Russia

The company INFORMZASHCHITA has completed the process of assessing the PJSC Moscow Industrial Bank’s compliance with the requirements of the Standard of the Bank of Russia. According to its results, PJSC MINBANK received a high assessment and successfully confirmed compliance with the Bank of Russia’s information security  requirements for SRT BR IBBS-1.0-2014 and Bank of Russia Regulation No. 382-P, including verification compliance with the requirements of legislation in the field of personal data. Such an assessment is conducted every two years and guarantees the high security of the circulating banking processes.

The results of the external assessment conducted by INFORMZASHCHITA showed that the level of compliance of the information security of PJSC MINBANK is equal to 0.92 (the fourth level on a five-level scale) of compliance with the requirements of the Standard of the Bank of Russia. And the final indicator according to the requirements of Regulation No. 382-P is 0.89 (on a scale from zero to one). These values are recommended by the Bank of Russia, according to the methodology for evaluating SRT BR IBBS-1.2-2014 and Regulation No. 382-P for organizations in the banking system of Russia.

Thus, the Bank’s assessment confirms the high degree of compliance with the requirements of the Bank of Russia Standard and allows it to occupy a high position in terms of ensuring information security in the Russian banking sector. In addition, compared with the previous assessment two years ago, the Bank ensured the fulfillment of more requirements and raised its final score from 0.88 to 0.92.

Bank of Russia Regulation No. 382-P is a set of mandatory requirements for the protection of information in the national payment system of Russia. This document was developed by the Bank of Russia under the framework of the implementation of the Federal Law No. 161-FZ of the Russian Federation “On the National Payment System” and is mandatory for all organizations involved in money transfers. According to the instruction of the Bank of Russia 2831-U, the results of the conformity assessment should be sent to the Bank of Russia in the form of OKUD  0403202 at least once every two years and not later than 30 days after  the completion of the compliance assessment.

Moscow Industrial Bank appealed to INFORMZASHCHITA to obtain a qualified assessment of the state of information security, as well as to obtain expert advice and improve the efficiency of work in the field of information security. And, as a consequence, to reduce the Bank’s risks from incidents, to increase the customer confidence.

“We conducted an assessment of the Bank in 2012 and 2017. What then and that which we now have observed is a high level of awareness of the Bank in information security matters, commented Vasily Karkach, Head of the Department for Interaction with Key clients from INFORMZASHCHITA. The work of this kind contributes to building long-term partnerships, since our goal is not an audit for the sake of an audit, but the creation of a policy of maintaining and developing the level of information security of the Bank in the trend of modern threats.”

 

“The information security audit conducted by independent independent audit organizations external to the bank is one of the forms of verification and control of the bank’s compliance with the requirements of the standard, said Aleksei Yurievich Samokhin, head of the information security department of the Department of Security and Information Protection of PJSC MINBANK. – As external  organizations, the Bank of Russia recommends involving organizations that have experience in assessing the compliance of information security  requirements of the STO BR IBBS-1.0 standard. Therefore, we have chosen cooperation with the company INFORMZASHCHITA, whose portfolio contains dozens of such projects.”