Jet Infosystems delivers an ISMS for Eldorad
Moscow: Jet Infosystems has deployed a streamlined information security management system (ISMS) for Eldorado and had it certified for compliance with ISO 27001 by BSI Management Systems, an independent certification body.
“Information security is our fundamental responsibility to shareholders, partners and customers. That’s why we decided to deploy a new ISMS and have it certified for even greater confidence,” says Sonia Purdeshova, VP Operations Support, Eldorado.
The project was prepared by a working group representing staff from Eldorado’s Internal Audit Department, IT Department and Business Protection Service. The group identified the most security-critical business processes at the head office. The call for proposals focused on design, deployment and certification of an ISMS that would comply with ISO/IEC 27001 and the Russian Federal Personal Data Act.
After winning the call for proposals, in August 2010 Jet Infosystems commenced work on the project in consultation with over 200 Eldorado staff from 20 departments. The ISMS covers the most critical business processes including Eldorado’s customer loyalty program.
In the first stage, Jet Infosystems experts, with the help of Eldorado staff, reviewed the existing information security system for compliance with ISO 27001 and the Russian Personal Data Act. They also determined the landscape of business procedures covered by the ISMS. Recommendations were made concerning the modernization of existing IS arrangements and achieving compliance with ISO 27001. Several personal data systems were also identified and a plan to bring them into compliance with Russian legal requirements was prepared.
In the second stage, Jet Infosystems experts developed ISM processes required for certification, took stock of data assets and categorized them, reviewed and assessed security risks, developed and deployed policies/procedures required by ISO 2001, provided relevant training to Eldorado staff and helped them during the first cycle of ISMS operations. In the final stage, the system was certified by BSI.
“True security of business processes is certainly more important than mere certification. We continue working with our colleagues from Jet Infosystems to further improve IS processes that were not mandatory for certification. We are also planning their deployment for even greater reduction of risks. In the future the ISMS coverage area will be expanded,” says Konstantin Korotnev, information security manager, Eldorado.
“The decision to design and implement an ISMS was a major step promising many internal and external benefits. Eldorado can now control and assess data security processes. The ISMS will trigger further development of information security in the company. Sooner or later it will cover all business processes. As for the certificate of compliance, it will attract new partners and new investment,” notes Anna Kostina, manager of ISMS group, Jet Infosystems.
“The new ISMS is an integral part of management systems in any company,” notes Sergey Romanovskiy, director, Certification and partnership programs, BSI Managemnet Systems. “For a major retail chain such as Eldorado, certification for compliance ISO/IEC 27001 is an indicator of maturity and a guarantee of secure information assets management for the benefit of the company, its clients and partners.”
Eldorado is a leading Russian retail chain selling household appliances and electronics with the broadest geographical coverage. Eldorado stores operate in every Russian city with a population of over 500,000 and in 90% of cities with 250 to 500 thousand residents. Eldorado offers the best products by the best brands at the best prices, making life modern and comfortable for its customers.