Security Audit

To improve the information security of both the Bank of Russia and the Russian banking system, the Bank of Russia Standard STO BR IBBS-1.0-2010, "Information Security of Organizations of the Banking System of the Russian Federation" (General Provisions), was developed.

As a result, developed

The Bank of Russia Standard favors regular audits of information security in organizations of the banking system of the Russian Federation (BS RF).

Guided by the Bank of Russia standards "Information Security Audit" (STO BR IBBS-1.1-2010) and "Methodology for Assessing the Conformity of Information Security of Organizations of the Banking System of the Russian Federation with the Requirements of STO BR IBBS-1.0-2010" (STO BR IBBS-1.2-2010), Audit and Consulting Group LLC "The leaf and Partners" offers audit services to assess compliance with the security requirements of the Bank of Russia.

Audit scope:

  • Organizational documents of the Bank that establish procedures for ensuring information security.
  • The automated system, consisting of personnel and the set of automation tools supporting their activities, which implements the information technology for performing the Bank's functions.

Current security issues for credit institutions:

  • How to check the adequacy of the information security management system to today's realities, find vulnerabilities and identify possible avenues of penetration from outside?
  • How to increase the confidence of customers and the regulator in the organization?
  • How to organize a system of information security self-assessment for the bank, with the necessary tools and instruments?

One of the conditions for achieving the goals of credit institutions is ensuring a necessary and sufficient level of information security (IS). The main form of checking the level of information security is conformity assessment. World experience in the field of information security defines it as the most important process in the continuous cycle of ensuring an organization's information security.

How conformity assessment is carried out

Assessing the conformity of the Bank's information security involves the following work:

  • Preparing for the assessment.
  • Assessing information security on site.
  • Surveying staff of the audited entity and of an independent (third) party.
  • Studying the settings of the technical means of ensuring information security.
  • Observing the organization's information security activities.
  • Bringing the bank's set of security documentation into line with the provisions of the Standard.
  • Collecting evidence for the information security assessment.
  • Conducting the final meeting with the Bank's management.
  • Preparing the report and conclusions on the results of assessing the Bank's conformity with information security requirements.
  • Signing the act of acceptance of the work performed. Completion of the project.

The management of the audited entity is responsible for:

  • the reliability and completeness of the information provided to the audit organization;
  • any restrictions on the audit firm's ability to fulfil its obligations.

Only highly qualified specialists are involved in information security audit work, namely: developers of the standards, technical experts in the field of building security systems, and specialists with practical experience in building information security management systems in credit institutions in accordance with the requirements of STO BR IBBS-1.0-2010.

After

An IS audit of the Bank not only increases the level of trust and loyalty on the part of the Central Bank, customers and partners, but also provides answers to the questions most important for the bank's security:

  • how well the information security (IS) service is built;
  • where the weaknesses are;
  • what the bank's information security department should do to respond to negative factors.

An important result of our audit and of ensuring information security in accordance with the Bank of Russia Standard is the creation of a complete set of regulations that define the structure and regulate the work of the information security service and its interaction with other units of the bank. Needless to say, this is the documentary base that is the main object of verification and control by supervisors.