Ukrenergo has received the certificate of compliance of the information security management system with the requirements of the international standard ISO/IEC 27001:2013. The independent auditor noted the high level of Ukrenergo’s information security management system in all areas of the Company’s activities that were audited. The certification audit of Ukrenergo’s central office and separate subdivisions was conducted by DQS Certific Ukraine LLC, a representative of the German certification body DQS Holding GmbH, one of the leading certification bodies for management systems worldwide.
The independent audit highlighted 5 strong points surpassing the requirements of the standard. This applies:
- to providing the resources for the development of information security management system,
- creating up-to-date conditions for information processing and storing,
- clustering the resources for critical IT systems,
- implementing the behavioural analysis of undesired events by the security operations centre (SOC),
- SOC interaction with national security agencies.
As part of checking the compliance with the ISO/IEC 27001:2013 Standard “Information Technology–Security Techniques–Information Security Management Systems–Requirements”. For example:
- the audit was focused on the activities of operational and technological control of operating modes of the IPS of Ukraine and its parallel operation with the power systems of neighbouring countries,
- the assurance of electricity transmission by trunk and interstate grids,
- the maintenance of the balancing market and the ancillary services market,
- the conclusion of bilateral contracts,
- the administration of commercial metering and commercial settlements.
The information security management audit also covered the organization of the physical protection at Ukrenergo’s facilities. In particular:
- the compliance with the access control requirements,
- the procedure of property custody and movement,
- the contractors’ performance under the contracts for facilities protection,
- the operation of video surveillance and access control systems,
- the introduction of advanced technologies into the physical protection system of the Company’s facilities.
“Obtaining the certificate is an important and milestone event for Ukrenergo in the context integration into ENTSO–E. Because it is the acknowledgement that the Company has implemented the information security management system that meets and, in some respects, surpasses the requirements of the international standard. It is one of the indicators ensuring the reliable and secure operation of the Transmission System Operator and the factor enhancing its credibility for key stakeholders,” commented Sergii Galagan, Chief Information Officer at Ukrenergo.
The article was published on the website of NPC Ukrenergo on March 19, 2021.