The certification scope covers Management of Information security for providing Infrastructure Setup and Support, Application Support and Maintenance, Backup, Helpdesk, Network Management, and System Administration.
Futurebank Chairman Dr. Hamid Borhani and Chief Executive Officer Dr. Valiollah Seif received the certificate on behalf of the bank, during Futurebank’s first Board of Directors meeting of 2009.
Dr. Hamid Borhani Chairman, Futurebank said “Receiving the ISO/IEC 27001:2005 certification is a milestone achievement for the bank and underlines Futurebank’s commitment to excellence and to adhering to world- class Information Security standards.”
Dr. Valiollah Seif, Chief Executive Officer and Managing Director, Futurebank said, “ Our employees realise the paramount importance of information security in the banking industry and this validation from the TÜV SÜD Group further reinforces our ability to deliver secure banking services to our valued customer base.”
“The certification and audit was performed in a highly efficient and timely manner and I would like to recognise the efforts of our skilled IT Department who played a pivotal role in this process,” added Dr. Seif
Mr. Hossein Rezaee, Head of IT said, “Futurebank is dedicated to providing the highest quality of products and services to its customers and the implementation of this world- renowned certification will further reassure our customers about the high calibre of the systems we have in place to safeguard their information with us.“
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the bank’s overall business risks. The certification is designed to ensure the selection of adequate and proportionate security controls that protect information assets.
TÜV SÜD conducted the audit in two specific stages. Stage One involved a review of all Futurebank security and risk related documentation including the Statement of Applicability (SoA) and Risk Treatment Plan (RTP). Stage Two included a detailed audit and testing of the effectiveness of the information security controls stated in the SoA and RTP.