1. SoftClub company offers a full range of services for information certification security systems of information systems in accordance with the requirements of the Order of the Operational and Analytical Center under the President of the Republic of Belarus No. 62:
- conducting a preliminary survey of the information system for readiness for certification of its information protection system;
- preparation of TK for the purchase of additional information protection tools necessary to build a security system;
- safety task development;
- carrying out techno-working design of an information security system with registration of all necessary design documentation;
- delivery, installation and configuration of information security tools;
- development of regulatory documents in the field of information security (organization standards, instructions, regulations, test methods, security policies, etc.);
- preparation of methods and support in the trial operation and testing of the information security system;
- conducting the certification procedure of the information security system with the issuance of a certificate of conformity;
- annual periodic monitoring of the effectiveness of protection measures of certified information security systems;
- technical support of certified information security systems with certification at the final phase (before placing into commercial operation)
2. SoftClub company provides audit services on the state of information security in the organization, that allows you to solve the following problems:
- increasing the level of security of information resources of the organization;
- bringing information security management processes according to the requirements of standards and legislation in the field of information protection;
- monitoring the level of security of implemented information systems.
2.1. An audit of the security of information systems, including an inventory of resources, the search for vulnerabilities (network, OS level, DBMS, applied).
2.2. Audit of information security management system – audit of information security management processes for compliance with the requirements of STB ISO / IEC 27001-2016.
2.3. Audit of information security of banks according to the methods aligned with the National Bank of the Republic of Belarus:
- assessment of information security systems and information security management systems of banks to the requirements of STB 34.101.41;
- assessment of documentation in the field of ensuring information security of banks in accordance with the requirements of STB 34.101.41;
- determination of the level of compliance of information security of banks with the requirements of STB 34.101.41;
- conducting an audit of information security of banks in accordance with the requirements of STB 34.101.42;
- risk assessment of information security breach of banks in accordance with the requirements of STB 34.101.61.
2.4. Together with one of the world leaders in the field of information security, the NCC Group company carries out:
- penetration Test of organization information systems;
- provision of Security Operations Center (SOC) services;
- provision of audit services for PCI DSS compliance (implemented by NCC Group, which has the status of QSA);
- the provision of other information security services available in the NCC GROUP portfolio (https://www.nccgroup.trust/uk/).
3. SoftClub company provides services for the implementation of various information security systems, as well as subsequent support. Our company specializes in the implementation of any (primarily certified) information security tools, including:
- complex (software and hardware) means of protecting information from
- unauthorized access;
- antivirus protection tools;
- means of cryptographic information protection;
- means of monitoring the level of security of information systems;
- tools for analyzing application source code for vulnerabilities;
- information security event management systems;
- Oracle Database Security Features.
4. SoftClub provides cloud security services in partnership with A1:
- placing the organization’s information systems in a certified secure cloud according to the IaaS model;
- certification of information protection systems of information systems located in a secure cloud, with constant support and recertification, if necessary;
- providing services for scanning for vulnerabilities, collecting and correlating information security events (SIEM) according to the cloud model, placing agents in the target system and providing a personal account in the cloud for management;
- provision of software products for SoftClub development for rent according to the SaaS and / or PaaS model with placement in a secure certified cloud.
5. The SoftClub company has established a competence center for the application of standards and regulatory documents in the field of information protection. The center specializes in:
- developing an intruder model and a threat model for information systems;
preparation of recommendations on the categorization of information and classification of information systems;
- developing security profiles and Security Tasks;
- advising developers of information systems on the development of documentation on the levels of assurance of assessment (UGO) levels UG01-UG04;
- an independent assessment of information and documentation security tools;
- organizing and conducting training courses for employees of maintenance services and developers of information systems on ensuring the safe development and operation of information systems.
6. Licensed activities of SoftClub:
- development, production, sales, installation, commissioning, maintenance of information processing software in a secure execution, information protection software and its control security, means of cryptographic information protection;
- implementation, installation, commissioning, maintenance of software and hardware information protection and control of its security;
- testing software for information processing, software, software and hardware for protecting information and monitoring its security, means of cryptographic information protection for information security requirements;
- design, creation of information security systems for information systems;
certification of information security systems of information systems.
As part of the licensed testing activities, the SoftClub operates a security information testing laboratory accredited by the Belarusian State Accreditation Center for certification tests in the following areas of accreditation:
- Products and systems (objects of assessment) of information technology for compliance with the levels of guarantee of evaluation (A13.B37);
- Protection Profile (A13.B99);
- Means of cryptographic information protection (CPSI) (A13.B37);
- Software is used to perform banking operations (A13.B37);
- Malware protection software and antivirus software (62.09 / 37.076).