Press center menu
ARMZ Uranium Holding Co. Completes the Development of an ISO/IEC 27001:2005-Compliant Information Security Management System
ARMZ Uranium Holding Co. (JSC Atomredmetzoloto) has successfully passed a certification audit for compliance with the ISO/IEC 27001:2005 international standard requirements on information security, and has become the first company in the Russian atomic industry to obtain the international certificate.
ARMZ Uranium Holding Co. began setting up the information security management system (ISMS) in early 2011 to meet the ISO/IEC 27001:2005 requirements and guidelines. The project was implemented as part of the Rosatom State Corporation’s concept to transform information technology and information security. The process of implementing the ISMS was supported by invited experts from the LETA Company, who is one of the Russian IT market leaders in the information security segment.
Implementing the information security management system at ARMZ Uranium Holding Co. involved a comprehensive information security audit; performing a detailed assessment of information security risks; assigning ARMZ Uranium Holding Co. employees with roles and responsibilities within the system; establishing a collegial body for information security management (Information Security Committee); designing and launching ISMS processes; and developing a system to raise information security awareness among the Holding Company’s employees.
In August of 2013, ARMZ Uranium Holding Co.’s information security management system was audited by the British Standards Institution (BSI), one of the oldest and most authoritative bodies in the area of management system certification, and has developed more than 30,000 standards applied throughout the world. Following the audit results, the Holding Company’s ISMS was recognized as conforming to the ISO/IEC 27001:2005 international standard requirements on information security.
According to Yuriy Tokmachev, Deputy Director General and Security Director of JSC Atomredmetzoloto, developing and setting up the ISMS to comply with the 27001-series information standard is an important element of ARMZ Uranium Holding Co.’s information security strategy. «Developing and improving information technologies outside the context of the current comprehensive approach to ensuring safety and security imposes significant risks. This is particularly relevant for companies in the atomic industry, which are strategically important to Russia. Therefore, improving the information security management system and bringing it to conform to Russian law, to Rosatom State Corporation’s industrial requirements, as well as to international standards, is one of the priority objectives of ARMZ Uranium Holding Co.», noted Yuriy Tokmachev.
The information security management system implemented at ARMZ Uranium Holding Co. ensures that technical and organizational measures for information protection are integrated into a single managed complex which is relevant to real threats and allows information security goals to be achieved at the level of the entire Holding Company. The ISMS helps to arrange and interconnect the processes and subsystems related to information security, to plan the financial and labor resources necessary for operating the system, as well as optimizing their use to achieve maximum business performance for the Company.