382-P compliance assessment for Bank Professional
ITGLOBAL.COM’s information security specialists conducted an assessment of compliance with the requirements of the Central Bank of Russia Regulation No. 382-P for Professional Bank JSC (Moscow). Before turning to ITGLOBAL.COM, the IS specialists of Professional Bank conducted a self-assessment for compliance with the Regulation. Nevertheless, according to the bank’s representative, there were concerns that some of the requirements were not being fulfilled at the proper level.
Key information
“Professional Bank” was founded in 1996 (until 2017 it was called “Nash Dom Bank”). The central office is located in Moscow; additional offices are located in Zelenograd, Dzerzhinsky, Obninsk and other cities of the Moscow region. “Professional Bank” is a universal commercial bank whose main lines of business are cash and settlement services for corporate clients and individuals and lending to small and medium-sized businesses. In 2015, “Professional Bank” connected to SWIFT.
Project objective
To assess the client’s information systems and business processes for compliance with the requirements of the CBR Regulation No. 382-P of June 9, 2012. The Regulation defines the measures to be observed by financial organizations to ensure the security of money transfers. Organizations providing this service are required to conduct a compliance assessment every two years with the involvement of a third-party audit organization. The procedure is conducted in two stages: a survey and the preparation of a report in the form prescribed by the regulator.
Implementation
“Professional Bank” showed a high level of compliance with Regulation 382-P – this is one of the best results among ITGLOBAL.COM customers. The total project implementation time, from on-site survey to report writing, amounted to one month.
To select an audit organization, the bank conducted extensive market research based on publicly available sources, as well as recommendations from colleagues in the banking industry. ITGLOBAL.COM won the tender due to the best combination of price and the number of services it included. In addition, the client was able to select specific service items, excluding those it did not need at the moment.
According to the bank representative, ITGLOBAL.COM specialists demonstrated excellent knowledge not only of theory and legislation, but also of issues related to the technical side of the project. “There were expectations that we would find more flaws,” said the bank representative. “But, as it turned out, we did everything more or less correctly.” Some inconsistencies with Regulation 382-P were corrected by the bank immediately, during the survey. The rest will be finalized according to the recommendations and conformity assessment report provided by ITGLOBAL.COM specialists. Professional Bank’s further plans include optimization of IS processes to successfully pass the conformity assessment according to GOST R 57580.1-2017, which becomes mandatory in 2021.
About Information Security Services
ITGLOBAL.COM has been offering information security services since 2017. They now include: assessment of compliance with 382-P, assessment of compliance with 152-FZ, assessment of compliance with GOST R 57580, preparation for PCI DSS certification, and penetration testing (pentest). ITGLOBAL.COM’s right to conduct audits is confirmed by the FSTEC license for activities on technical protection of confidential information (TZKI).