Active Audit Agency

Tel: +38(044) 228-15-88


NBU Regulation No. 474

Information Security Management System (ISMS) development and implementation based on the National Bank of Ukraine information security standard
СОУ Н НБУ 65.1 СУИБ 1.0:2010

What is it?

According to Article 7 of the Law of Ukraine "About National Bank of Ukraine", Article 10 of the Law of Ukraine "About information protection in the information and telecommunication systems" and Article 10 of the Law of Ukraine "About standardization", and in order to increase the level of information security in the banking system of Ukraine, the Management Board of the National Bank of Ukraine adopted Regulation #474 (28 Oct 2010) "About coming into force standards of information security management in the banking system of Ukraine".

Starting from the day the regulation was published, the following standards came into force:

Ukrainian banks must also implement an information security management system by October 1st, 2011.

Why do you need this?

An information security management system (ISMS) is a process for securing the bank's information resources based on the best information security techniques. The National Bank standards are based on the international information security standards ISO 27001 and ISO 27002, with deviations and additions specific to banking that were highlighted earlier in other National Bank regulations.

ISMS compliance with the National Bank of Ukraine standards СОУ Н НБУ 65.1 СУИБ 1.0:2010 and СОУ Н НБУ 65.1 СУИБ 2.0:2010 guarantees any bank compliance with the international standards ISO 27001 and ISO 27002 and opens the prospect of receiving the appropriate certificate.

Implementation of information security standards in Ukrainian banks is required by the Basel Committee (so-called Basel II) for operational risk reduction and risk management.

Implementation of those standards in Ukrainian banks will allow them:

  • to reduce and optimize the costs of building and maintaining an information security management system;
  • to permanently monitor and assess risks, taking into account the particularities of the banking business;
  • to effectively identify critical risks and avoid or eliminate them;
  • to provide understanding of information security issues by bank management and all employees;
  • to increase the confidence in and investment attractiveness of banking institutions;
  • to provide protection against raiders' attacks, unauthorized access to information systems, and leakage of confidential information treated as banking secret;
  • to increase customers' antifraud protection.

How is ISMS development and implementation performed?

Active Audit Agency offers banks services to develop and implement an information security management system compliant with NBU requirements and standards.

As a result you will get a working Information Security Management System compliant with NBU standards and a warranty to pass NBU inspections successfully, and as a bonus you may receive a certificate of compliance with ISO/IEC 27001:2005.


Please also read:

Action plan for implementing the requirements of the industry information security standards СОУ Н НБУ 65.1 СУІБ 1.0:2010 and СОУ Н НБУ 65.1 СУІБ 2.0:2010

Economic justification for certification under the ISO 27001 standard.

Implementing ISO 27001: presenting to business representatives the benefits and economic justification of investment in information security.

Making sense of information security documentation.