DEPO Computers specialists have upgraded the personal data processing system of the RUSCOLLECTOR Credit Security Bureau
RUSCOLLEСTOR Credit Security Bureau is one of the leaders in the collection services market in Russia. By the nature of its business, the Bureau continuously processes a significant amount of personal data of Russian citizens. At present the system of personal data processing implemented by the Bureau specialists from DEPO Computers can be assessed as one of the most effective, which is confirmed by the results of on-site planned inspection of Roskomnadzor.
According to the requirements of the Federal Law of the Russian Federation No. 152-FL "On personal data" the information systems where such confidential information is processed, should satisfy the complex of requirements and provide the sufficient level of information security. In addition, companies must implement personal data protection means that meet the requirements of the FSTEC.
Experts from DEPO Computers, who have extensive experience in auditing and modernization of information systems in accordance with FL-152, were involved in all phases of design and implementation of solutions to ensure the protection of personal data for the customers of the "RUSСOLLEСTOR". The company's engineers thoroughly examined the IT infrastructure of the client, as well as the technological processes of data processing by the Firm's employees.
The peculiarity of the services provided by the law firm is that they deal with a large amount of information on debtors - the agency's portfolio contains the data of over 200 thousand people, and a considerable number of employees have access to the database. Under such an approach, each workplace should be equipped in accordance with the information system class K1 to protect personal data. But in order to equip a large number of workstations with the necessary security features to comply with the FSTEC requirements, ensure confidentiality of personal data and prevent malfeasance, a considerable IT budget is required which even large companies are often unable to afford.
After having analyzed the information obtained during the audit, the DEPO Computers specialists suggested splitting the information system of the bureau into two separate subsystems: one of them is designed for working with impersonal customer data, while the other one contains a complete database. Besides, the specialists of DEPO Computers have developed new regulations describing the company's internal business processes, which together with the transition to the depersonalized data in some cases resulted in lowering the category of processed information to K4 level. Together, these measures made it possible to ensure that the information system for personal data processing at RUSKOLLEKTOR Bureau fully complies with the requirements of Federal Law 152.
After the modernization of the IT infrastructure at the Credit Security Bureau, Roskomnadzor carried out an inspection. According to the act, no violations of legal requirements in terms of personal data protection were found. In particular, the document states that in the course of the control and supervision of activities related to the processing of personal data with or without the use of automated means, assessed the compliance of the BCB "RUSKOLLEKTOR" organizational measures necessary to protect personal data from unauthorized and accidental access to them, and as a result of the measures no violations in the processing of personal data were revealed.