OREANDA-NEWS. February 19, 2010. ROSNO’s data security control system (DSCS) has once again proved its reliability. According to the results of the latest audit, the company BSI reconfirmed compliance of the said DSCS with the ISO 27001:2005 requirements, reported the press-centre of ROSNO.

In 2007, the data security control system adopted by IC ROSNO was for the first time certified under ISO/IEC 27001:2005 "Data Security Control Systems. Specifications". ROSNO became the first Russian insurance company whose business processes related to protection of information about its clients and business partners successfully passed the check for compliance with worldwide standards. The similar certificate is held by the largest international financial companies such as Alliance, Frankfurter Volksbank, Samsung Life Insurance, Citibank, Federal Reserve Bank, etc.

The DSCS developed by ROSNO covers all of the company’s business processes. This system comprises organizational, procedural and technical means that allow minimizing risks and threats traditional for an insurance company, including: breach of confidentiality (theft and loss of information, including personal information of the company’s clients), data access violations (blocking and deletion), data integrity violations (unauthorized and uncontrolled modification, false data intrusion). The top-priority DSCS function is to protect customer data and customer service information against unauthorized access.

"Today, given the increasingly high-tech nature of crime, it is hard to overemphasize the importance of data security. All personal data submitted to us by our clients and business partners shall be reliably protected. The safety of such information guarantees that the company enjoys trust and loyalty of insurants. The certification under international standards is a reliability guarantee. However, the certificate awarded in 2007 does not mean that we should rest on our laurels. Our company is actively developing, and we are improving the efficiency of the existing business structure on an ongoing basis. During the last three years, the company implemented large-scale changes in its internal organization, requiring fine-tuning of the DSCS as well. Along with the foregoing, ROSNO is currently implementing the project whereby its personal data information systems are adjusted to comply with FZ 152 „Personal Data“. The international ISO standards and provisions of the Russian legislation complement each other and guarantee safety of the company’s information resources, including personal data", notes Mr. Anatoly Mordvinov, head of the Division for Technical Protection of Information, in charge for the DSCS operation.