Quality of SberSolutions services and the Information Security Management System are confirmed by results of numerous independent audits, performed by specialists of the largest and most respected certification authorities.
SberSolutions performs 3 types of audits: - External – five times per year. They're performed by a specialized certification body. They consist of certification ones, on which results there's made a decision on the issuance or refusal to issue a certain certificate, and of inspection ones, which annually check whether the systems operate in accordance with the specified requirements, and whether works on their update are performed. Three more annual audits are performed by the Big Four Audit Firms and they include an assessment of existing operational controls (SOC1) according to SSAE18 standard;
- Internal – according to the internal audit plans on a monthly basis. They're performed by internal auditors of SberSolutions, which task is to perform monitoring and control under compliance with requirements of the standards and internal regulations;
- Clients' audits – on clients' requests. These are audits, organized by clients or partners of SberSolutions, which task is maintenance of additional control under the most significant and critical processes of a client.
What are the benefits of SberSolutions certificates for our clients? A certificate for a specific management system, issued by one of the representatives of the Big Four Audit Firms, removes the need for the client to perform additional audits with respect to the service provider. The level of credibility to such a provider is higher and you can trust to the quality of its services with a greater confidence. Clients significantly save time on the choice of the provider, whereas while negotiating the terms of the agreement less justifications and legal formalities are required.