Ensuring compliance with information security industry standards of the Bank of Russia.

Information security in Russia is governed by a number of documents: the Federal Law On Personal Data, requirements issued by the Federal Service for Supervision in the Area of Communications, Information Technologies and Mass Media, the Federal Security Service of the Russian Federation, and the Federal Service for Technical and Export Control.

To aid banking organizations with compliance matters, the Central Bank of the Russian Federation, in partnership with the Association of Russian Banks and the Association of Regional Banks of Russia, developed a package of standards aimed at ensuring information security. The CBR's package of industry standards recommended for application includes the following:

  • The Bank of Russia Standard Ensuring Information Security of Banking Organizations of the Russian Federation. General Provisions (the "Standard").
  • The Bank of Russia Standard Ensuring Information Security of Banking Organizations of the Russian Federation. Methodology for Assessment of Compliance of Information Security of Banking Organizations of the Russian Federation with the Standard.
  • The Bank of Russia Standard Ensuring Information Security of Banking Organizations of the Russian Federation. Information Security Audit.

The package of standards also includes recommendations for ensuring personal data security, a personal data threat model, a risk assessment methodology, and other useful information.
