IC ROSNO is the first Russian insurance company which has received certificate of main business processes’ information security compliance with international standards. For this purposes, the company implemented Information Security Management System (ISMS), which has passed certification audit for compliance with ISO/IEC 27001:2005.

ROSNO, Jet Info Systems, and BSI Management Systems CIS announce successful accomplishment of the project for implementation of Information Security Management System (ISMS) in OJSC ROSNO, developed in 10 months. ROSNO has received Certificate of compliance with ISO/IEC 27001:2005 “Information security management systems. Requirements”. This is the only world-wide adopted international standard.

The standard is based on BS 7799-2 British Standard which was developed by British Standards Institute (BSI) and accepted by International Standard Organization (ISO). The standard defines requirements to information security management processes and allows more than 130 controls to provide information security in organization.

Certificate holders include largest global financial companies, such as Alliance, Frankfurter Volksbank, Samsung Life Insurance, Citibank, Federal Reserve Bank and others.

Jet Info Systems being a certificated consulting partner of BSI MS CIS has become the partner and consulting company. Jet Info Systems experts are certified in ISMS development and carrying out external audit of companies’ conformity with ISO/IEC 27001:2005. Also, experts have a unique for Russia experience in the similar successfully accomplished projects.

Certification audit was conducted by BSI company, represented in Russia by BSI Management Systems CIS. It is the first international organization with local Russian-speaking auditors in its staff, which has certified companies for compliance with ISO 27001 requirements in Russia and CIS, and developed training and certification program for ISMS development.

The implemented project allowed company to engage all its departments in ensuring information security. Developed ISMS has become an integral part of ROSNO common management system. The system was developed by special project group including security, IT and business departments experts. The system comprises of organizational, procedure and technical solutions which allow minimizing traditional for insurance company risks and threats: confidentiality violation (theft and loss of information, including client personal data), information access violation (blocking and destroying), information integrity breach (unauthorized and unregulated modification, false information representation). One of ISMS priority functions includes protection of client data and provided services against unauthorized access. Certification enables ROSNO, among all, to receive competitive advantages in work with large corporate clients, which highly respect information security.

Vladimir Parshakov, ROSNO deputy director general commented that “activities towards maintaining information security is not only ‘bon ton’, it’s an essential necessity. Information and client personal data are insurer’s main assets and their security affects company’s image and consumer’s trust. Passing certification guarantees our investors, partners and clients that ROSNO not only provides quality services, but ensures maximum information security.”

Boris Simis, Jet Info Systems director of Center for information security, said that “implementation of effective Information Security Management System which will operate in a common corporate management system, is one of the essential problems insurance companies face today. Such project’s implementation requires special knowledge in this area and realizing customer’s business requirements. Long-term experience of Jet Info Systems in providing information security services enabled us to find effective solution for ROSNO.”

Nataliya Gorobets, BSI Management Systems CIS director general, said that “being leaders in standards development and management system registration, BSI Management Systems uses innovative solutions for rendering assistance to its customers to obtain competitive advantages. ROSNO has carried out serious work and has become the first Russian insurance company which has proved to its customers and partners that it works in accordance with 27001:2005 ISO/IEC international standard requirements. Now, ROSNO stands in line with Alliance Assurance Inc (Canada), a largest global insurer, which had registered its Management Systems in BSI.”

OJSC ROSNO is a universal insurer established in 1991. Leading German insurer, Allianz SE controls 97% of company’s shares. ROSNO offers over 100 insurance products. Company has subsidiaries in Russia (ROSNO-Center Reinsurance Company, IC ROSNO-MS, IC Alliance ROSNO Life, and Alliance ROSNO Asset Management,) and Ukraine (IC ROSNO Ukraine). Authorized capital amounts to Rub 1.184 bln. Regional ROSNO network includes 100 branches in all Russian regions (combined by territory to 10 directorates) and 203 agencies. Over 7 mln people and more than 50,000 enterprises have ROSNO policies and contracts.

Jet Info Systems is a leading system integrator in Russia and CIS. Company offers wide variety of development, implementation and maintenance services for high-availability computer systems and networks as well as information system management solutions, IT department operation solutions, information security solutions, and implementation of the specialized banking and applied systems. Company has eight regional offices in the cities of Russia from St. Petersburg and Krasnodar to Vladivostok, and branches in Ukraine, Kazakhstan and Azerbaijan. Implements projects in Pakistan, Japan, Tajikistan, and Uzbekistan.

BSI (British Standards Institute) is a worldwide leader in training and certification of Management Systems, one of International Standards Organization founders, author of British standards, which have become subsequently the most well-known ISO series standards 9000, 14000, 18000, 22000, TS 16949, 17799, 27001. BSI share amounts to 40% of the world market services in Information Security Management System certification.