OREANDA-NEWS. CROC has become the first company in Russia and the CIS to certify its information security management system (ISMS) for compliance with the ISO/IEC 27001:2013 international standard. The audit was completed by BSI (British Standards Institution), an international leader in management system certification.

The new ISO/IEC 27001:2013 standard published in 2013 reflects the changes in the information technology market and replaces its predecessor - ISO/IEC 27001:2005. The new 2013 version details ISMS requirements and simplifies integration of multiple enterprise management systems.

Successful ISO/IEC 27001:2013 certification means that CROC has achieved a high level of information security through both technical solutions and organizational practices. For customers, CROC's audit by reputable experts guarantees data confidentiality.

“We regularly analyze information security risks within the company and develop and implement new security methods and tools. Overall, it took us about six months to bring our ISMS in line with the ISO/IEC 27001:2013 requirements. Today, our information security management system complies with both Russian GOST R ISO/IEC 27001-2006 and international standards,” comments Mikhail Bashlykov, Head of Information Security Business at CROC.

“For the second time, CROC has become a Russian pioneer with regard to information security management system certification: first for ISO/IEC 27001:2005 in 2005, and now for the ISO/IEC 27001:2013 standard, which covers the world's best information security practices. During the audit, CROC's management team has again demonstrated the progress made regarding ISMS improvement and the high maturity level of proven processes based on advanced information security methods and tools,” says Valeri Girko, Lead Auditor, BSI.