Assessing compliance of a Bank's ISMS with the Bank of Russia's Standard on ISMS in the Banking System of the Russian Federation

We offer banks services in the independent assessment of compliance of the bank’s Information Security Management System (ISMS) with the requirements of the Bank of Russia’s Standard on Information Security Management Systems in the Banking System of the Russian Federation 1.0 “General Provisions”.

The compliance assessment can be carried out with varying degrees of detail regarding the condition of the bank’s ISMS.

All formats of the compliance assessment procedure are based on the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.2 2010 “Information Security of Organisations in the Banking System of the Russian Federation. Methodology of Assessing the Compliance of Information Security of an Organisation in the Banking System of the Russian Federation with the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.0 2010” (hereinafter - Methodology).

These formats differ only in the depth of analysis, the volume of recommendations generated for improving the ISMS, and the accuracy of the assessments made, and hence in the complexity, volume and cost of the work involved; they are designed to solve different problems.

A rapid compliance assessment is recommended in the initial stages of creating an ISMS in order to obtain a fast and inexpensive initial assessment of the bank’s information security. The results of a rapid assessment carry some methodological error in assessing compliance, since the analysis is less detailed than that prescribed by the Methodology. On the other hand, it enables the direction in which the ISMS must be developed during the initial phase of the work to be determined.

The compliance assessment is based on an analysis of relevant management documents and the organisation of the operating ISMS, questionnaires and observations. The assessment result is formed in full adherence to all the requirements for a separate analysis of the information security software for different technological processes at the bank and takes into account the provisions in Addendum B in the Methodology of the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.2 2010.

This rapid assessment of compliance with the Bank of Russia’s Standard on ISMS in the Banking System is carried out using software tools developed by FBK.

As a result of the assessment, materials are produced for the compliance report and recommendations on the formation of a work plan to build or substantially improve the Bank’s ISMS.

We are also ready to conduct an independent audit of your bank’s information security in accordance with the provisions of the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation.

The information security audit is conducted in accordance with the Methodology of the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.2 2010 “Information Security of Organisations in the Banking System of the Russian Federation. Methodology of Assessing Compliance of Information Security of an Organisation in the Banking System of the Russian Federation with the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.0 2010”. It is based on an analysis of documents and relevant evidence gathered during the information security audit, interviews with bank employees, and observation of how the ISMS functions in practice. The results of the information security audit are processed using the software package Exact Flow “Compliance Assessment”, recommended by the Bank of Russia for conducting compliance audits.

Upon completion of the work, FBK prepares a detailed report on the results of the audit of the Bank’s ISMS in terms of its compliance with the requirements of the Standard, including a detailed analysis of the Bank’s ISMS and recommendations to address weak points, in accordance with the provisions of the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.1 2007 “Information Security of Organisations in the Banking System of the Russian Federation. Information Security Audit”.

The report also contains conclusions regarding the level of compliance of the ISMS with regulatory requirements, indicates deficiencies in the system, and proposes the optimal ways, in terms of cost and effectiveness, to increase the levels of maturity and compliance with requirements, taking into account the significance of the identified deficiencies for the overall level of information security.

According to the results of the information security audit and compliance assessment, a Confirmation can be prepared certifying compliance with the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.0, 2010, which must be submitted to the Bank of Russia, the Federal Service for Technical and Export Control, the Federal Security Service (FSB) and the Federal Supervision Agency for Information Technologies and Communications (Roskomnadzor).

Alexey Terekhov, FBK Partner and Vice-President for Auditing and Consulting Services to Financial Institutions, is always ready to tell you more about our services in information security and personal data protection for financial institutions.
E-mail - bank@fbk.ru
