OREANDA-NEWS. ROSNO is the first Russian insurance company to achieve conformity of its major business processes to the internationally recognized information security standard. To this end, the company has established an Information Security Management System and certified it for ISO/IEC 27001:2005, reported the press-centre of  Jet Infosystems.


ROSNO, Jet Infosystems and BSI Management Systems CIS (BSI) announce successful completion of the project, whereby the partners have implemented ROSNO’s Information Security Management System (ISMS) in 10 months. ROSNO has received a certificate of compliance with the international standard “ISO/IEC 27001:2005. Information technology - Security techniques - Information security management systems - Requirements”. This is the only information security standard that is recognized around the globe. This certificate is held by the largest international financial and insurance companies such as Alliance, Frankfurter Volksbank, Samsung Life Insurance, Citibank, Federal Reserve Bank, etc.


ROSNO’s preparation for the certification audit was conducted jointly with its business partner and advisor Jet Infosystems which is a Certified Partner of BSI - the company that has developed the above-mentioned standard. Jet Infosystems employees have been certified in the field of development of efficient ISMS and external corporate audit for compliance with ISO/IEC 27001:2005, and they have experience in the similar, successfully implemented projects, which is unique for Russia.


The certification audit of ROSNO’s ISMS was conducted by BSI, represented in Russia by the company BSI Management Systems CIS. This is the first international organization having Russian-speaking local auditors to perform ISO 27001 certification in Russia and CIS, and to develop a program of personnel training and certification in ISMS. The implemented project has enabled the company to engage all of its divisions in providing business data security. The established ISMS has become part of ROSNO’s general management system. Development of the company’s ISMS was entrusted to the special project team consisting of the security department employees, IT and business units.


This system comprises organizational, procedural and technical means that allow minimizing risks and threats traditional for an insurance company: breach of confidentiality (theft and loss of information, including personal information of the company's clients), data access violations (blocking and deletion), data integrity violations (unauthorized and uncontrolled modification, false data intrusion). One of the top-priority ISMS functions is to protect customer data and customer service information against unauthorized access.


Among other advantages, the certification will enable ROSNO to gain competitive advantages in its work with large corporate clients, who pay special attention to data protection. Mr. Vladimir Parshakov, Deputy General Manager of OJSC ROSNO, says: “Today, data protection is not just a “bon ton” – rather, it is an urgent necessity. Information and personal customer data constitute of the major assets of any insurance company. Data security affects the company image and the degree of customer confidence in the company. Successful certification guarantees our investors, business partners and clients that ROSNO not only renders high-quality services, but also provides maximum degree of data protection”.


Mr. Boris Simis, director of the Information Security Centre, Jet Infosystems: “Implementation of an efficient Information Security Management System to operate in the context of a company’s general management system is one of the most urgent issues insurance companies are facing today. To accomplish such a project, we need not only special knowledge on the relevant subject, but also an understanding of the customer’s business requirements. Jet’s longstanding experience in the information security area has enabled us to find an efficient solution for ROSNO”.


Ms. Natalia Gorobets, General Manager, BSI Management Systems CIS: “Being a leader in standards development and management systems registration, BSI Management Systems uses innovative solutions to assist its clients in gaining competitive advantages. ROSNO has done a solid job becoming the first Russian insurance company to prove its clients and business partners that it meets the international standard ISO/IEC 27001:2005. Thus, ROSNO entered the limited club of the world’s major insurers, such as Alliance Assurance Inc. (Canada) who have registered their management systems in BSI”.