CROC’s information security management system has been certified to comply with the Russian GOST R ISO/MEK 27001-2006 standard. CROC is the first IT company in Russia to be certified as meeting both Russian and international standards.

Information security management is of paramount importance for companies which outsource their IT processes, with confidentiality protection being a key concern for customers such as banks, financial institutions and oil-and-gas enterprises. The fact that CROC’s security management system is fully certified means that our customers can be confident that their data is secure.

Mikhail Bashlykov, Head of Information Security, CROC, comments: “Obtaining Russian certification is an additional opportunity to demonstrate to our customers the high reliability of our systems. Our key goal is to manage information risks and regularly analyze the situation in order to develop new security solutions. Our position is confirmed by CROC’s annual ISO/IEC 27001:2005 international certification audits, which have taken place since 2005, and is now further supported by Russian certification.”

A certification audit of CROC’s information security management system was performed within CROC’s Helpdesk (IT Department), System Administrator Team (Computer Systems Department), HR Department and Security Service. The audit was conducted by the Russian Research Institute for Certification (VNIIS), one of the leading Russian service providers in the field of standardization, certification and technical regulation.

“Today, confidentiality protection plays a key role in business and it is therefore important to provide high-quality information security management. Independent expert evaluation validates that a company’s ISMS provides the required level of protection for all information assets and guarantees that data protection activities and facilities correspond with existing business risks,”

said Leonid V. Sergeev, Deputy Head of the Certification Body, VNIIS-SERT, OAO VNIIS.