Bank Mellat receives ISMS certificate
Bank Mellat has become the first Iranian bank to receive the ISO/IEC 27001 certificate under the new 2013 version, for successfully implementing an information security management system (ISMS) in its Internet banking service. The certificate was issued by the ICT Organization of Iran, the sole competent authority to grant the national ISMS (NAMA) certificate.
Previously, in 2012, Bank Mellat was the first Iranian bank to receive the international ISO/IEC 27001:2005 ISMS certificate for the same scope under the respective international accreditation system. After the bank obtained the international certificate, and because of new requirements from government authorities to change the ISMS accreditation and certification system from international to national (NAMA), a new era of implementation and expansion of the system was put on the bank’s agenda. In this context, in an endeavor to upgrade the security of the Internet banking environment, implementation of the new system started in July 2015 and was finalized in July 2016.
In order to obtain the national ISMS certificate and comply with internal requirements, a third-party audit of the system was successfully conducted in 2 stages in July 2016 by one of the competent certification bodies authorized by the national ISMS accreditation system (NAMA). Subsequently, after approval by the Strategic Center for Information Security of the Presidential Office, the certificate was issued and granted on 23 January 2017.
This management system fundamentally relies on a risk-based approach and a continuous improvement cycle (including the plan, do, check and act phases), which recognizes, evaluates and mitigates information security risks in line with the strategic objectives of the organization through the implementation of information security policies and procedures, awareness programs and technological controls.
Monday 20 Feb 2017