Software tools for assessing compliance with the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.0
The software tools have been developed on the basis of the Methodology of the Bank of Russia’s Standard on Information Security Management Systems (ISMS) in the Banking System of the Russian Federation 1.2 2010, “Information Security at Organisations of the Banking System of the Russian Federation. Methodology of Assessing Compliance of Information Security at an Organisation in the Banking System of the Russian Federation with the Bank of Russia’s Standard on Information Security Management Systems (ISMS) in the Banking System of the Russian Federation 1.0 2010.”
There are two versions of the software tools – one for a rapid assessment and one for an assessment of compliance with the requirements of the Standard.
A rapid compliance assessment is recommended in the initial stages of creating the ISMS in order to obtain a fast and inexpensive initial assessment of the bank’s information security. The result of the rapid assessment has some methodological errors in assessing compliance, since it analyses the ISMS components in less detail, but it nevertheless enables a rapid determination of the direction in which the ISMS must be developed during the initial phase of the work.
The compliance assessment is based on an analysis of relevant documents for managing the ISMS, interviews and observations. The assessment result is in full compliance with all the requirements for a separate analysis of the information security software for different technological processes at the bank and takes into account the provisions in Addendum B in the Methodology of the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.2 2010.
The software tools are based on workbooks from MS Office Excel 2003 and later versions.
FBK can supply these tools for the assessment and rapid assessment of compliance with the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation 1.0 2010 for banks and organisations providing audits on information security.
These software tools are designed for organisations conducting their own in-house compliance assessments, which must be incorporated into the information security management systems of financial institutions, while the ISMS itself must meet the Bank of Russia’s Standard on ISMS in the Banking System of the Russian Federation.
The software can be used by companies when conducting audits (compliance assessments) of the Information Security Management Systems at financial institutions.
Alexey Terekhov, FBK Partner and Vice-President for Auditing and Consulting Services to Financial Institutions, is always ready to tell you more about our services in information security and personal data protection for financial institutions.
E-mail - bank@fbk.ru
FBK’s services in information security:
- Ensuring personal information security
- Creating and modernising information security systems
- Assessing ISMS compliance with legislative requirements and standards
- Assessing compliance of banks’ ISMS with the requirements of the Bank of Russia’s Standard on Information Security Management Systems (ISMS) in the Banking System of the Russian Federation
- Projects on information security