OREANDA-NEWS. May 22, 2007. IC ROSNO was the first Russian company to achieve conformity of its major business processes to the international data security standards. To this end, the company has established a data security control system and certified it for ISO/IEC 27001:2005.
ROSNO, Jet Infosystems and BSI Management Systems CIS (BSI) announce successful completion of the project, whereby the partners have built ROSNO’s data security control system (DSCS) in 10 months.

ROSNO has received a certificate of compliance with the international standard ISO/IEC 27001:2005 ("Data Security Control Systems. Specifications"). This is the only international standard that is recognized around the globe1. This certificate is held by the largest international financial companies such as Alliance, Frankfurter Volksbank, Samsung Life Insurance, Citibank, Federal Reserve Bank, etc.

ROSNO’s preparation for the certification audit was conducted jointly with its business partner and advisor, Jet Infosystems, which is a certified partner of BSI — the company that has developed the abovementioned standard. Jet Infosystems employees have been certified in the field of creation of efficient DSCS and external corporate audit for compliance with ISO/IEC 27001:2005, and they have experience in the similar, successfully implemented projects, which is unique for Russia.

The certification audit of ROSNO’s DSCS was conducted by BSI, represented in Russia by the company BSI Management Systems CIS. This is the first international organization having Russian-speaking local auditors to perform ISO 27001 certification in Russia and CIS, and to develop a program of personnel training and certification in DSCS.

The implemented project has enabled the company to engage all of its divisions in providing business data security. The established DSCS has become part of ROSNO’s general management system. Construction of the company’s DSCS was entrusted to the special project team consisting of the security department employees, IT and business units. This system comprises organizational, procedural and technical means that allow minimizing risks and threats traditional for an insurance company: breach of confidentiality (theft and loss of information, including personal information of the company’s clients), data access violations (blocking and deletion), data integrity violations (unauthorized and uncontrolled modification, false data intrusion). One of the top-priority DSCS functions is to protect customer data and customer service information against unauthorized access. Among other advantages, the certification will enable ROSNO to gain competitive advantages in its work with large corporate clients, who pay special attention to data protection.

Mr. Vladimir Parshakov, Deputy General Manager of OJSC ROSNO, says: "Today, data protection is not just a "bon ton" — rather, it is an urgent necessity. Information and personal customer data constitute of the major assets of any insurance company. Data security affects the company image and the degree of customer confidence in the company. Successful certification guarantees our investors, business partners and clients that ROSNO not only renders high-quality services, but also provides maximum degree of data protection."

Mr. Boris Simis, director of the Data Security Centre, Jet Infosystems: "Creating an efficient data security control system to operate in the context of a company’s general management system is one of the most urgent issues insurance companies are facing today. To implement such a project, we need not only special knowledge on the relevant subject, but also an understanding of the customer’s business requirements. Our longstanding data security experience has enabled us to find an efficient solution for ROSNO."

Ms. Natalia Gorobets, General Manager, BSI Management Systems CIS: "Being a leader in standards development and management systems registration, BSI Management Systems uses innovative solutions to assist its clients in gaining competitive advantages. ROSNO has done a solid job, becoming the first Russian insurance company to prove its clients and business partners that it meets the international standard ISO/IEC 27001:2005. Thus, ROSNO entered the limited club of the world’s major insurers, such as Alliance Assurance Inc. (Canada), who have registered their management systems in BSI."