| The main value of our company is information, and valuable resources should be protected properly. One of mechanisms of information assets protection maintenance is information security management system (ISMS). In the middle of 2005, the company management made strategic decision: to develop and implement information security management system in the company, corresponding to requirements of international standard ISO 27001:2005. ISO/IEC 27001:2005 Standard based on BSI BS 7799-2:2002 standard is generalization of world experience in organization of information security management and defines general organization, directions of planning, use of risks estimation, estimations of efficiency, control of improvements, etc. To solve this problem, the working group from employees of several structural divisions of the company which participants have passed training on “Implementation of Information Protection Control System to conform the requirements of ISO/IEC 27001:2005” and “Internal audit of Information Protection Control System to conform the requirements of ISO/IEC 27001:2005. Training of internal auditors” in “Academy of information systems” (Moscow) has been created and received certificates of British Standards Institution (BSI). Creation of high-grade information security management system is a challenge having laborious work of employees of the company, experts in this area. Now we are at a finishing stage of development and in the near future we plan to pass conformity certification of this standard. For us, ISMS is the following: - Stability of business;
- Protection of interests;
- Increase of clients (partners) trust level.
| 
