The standard is the first domestic document that allows us to evaluate the efficiency of data processing processes. However. it is important that such an audit be carried out uniformly for various information systems. The methodology is aimed at making the audit procedure more transparent. understandable and uniform.” he noted.has compliance with the standard: the high level of security of Yandex ID has been confirmed by independent consultants. According to Anna
Zinchuk. head of the Yandex information
security compliance and training service. t
he audit by independent consultants has become a “useful and practical experience” for the company. which helped “systematically assess the maturity of approaches to security” and “identify growth points.”
Representatives of the press services of Avito and Beeline did not answer questions from a ComNews correspondent. But a representative of T
-Bank said that the company took an active
part in both the development of the Industry Standard for Data Protection of the ABD and in the approval of the methodology. According overseas data to him. T-Bank has already implemented these approaches in the company’s practice. “The mechanism for assessing the ABD methodology will be in demand. since it allows for an objective recording of the level of actual security – both in individual services and products. and in the infrastructure as a whole. Based on the assessment results.
licensees formulate specific recommendations
for increasing the level of compliance with information security requirements. It is advisable to include these recommendations in the current plans of measures for information security.” he said.
A representative of T-Bank noted that compliance
with the standard requirements and gradual increase in the assessment directly contribute to strengthening the protection of personal data. The relevance of which has increased against the background of state policy on the protection of personal data. increasing liability for their leakage and the introduction of turnover fines. He noted that passing the we will use a hosting plan that runs assessment of compliance with information security requirements is a factor mitigating liability.
Igor Bederov. Director fans data of the Investigation Department at T.Hunter LLC. agreed with him. He said that the methodology will become a benchmark for checking compliance with data protection requirements and will be useful for personal data operators. information security specialists. external auditors. consulting companies and regulators.