Astana International Exchange (“AIX”, “Exchange”) is pleased to announce that it has confirmed its compliance with global standards ISO 27001 and ISO 27032 through recertification and has also met the requirements of two new standards, ISO 27018 and ISO 27017. These standards cover assurance of the full business cycle, including trading, clearing, settlement, depository, and registry.
Renat Bekturov, CFA, CEO of AIX, stated:
“The certification AIX regularly goes through demonstrates our commitment to providing a strong foundation for information and cybersecurity systems and building confidence in the quality and security of our services. Considering the continuously increasing importance of data protection and privacy in today’s world, we should be up to speed with data privacy policies and procedures.”
ISO 27001 is a security management standard that strictly defines the information security program and information security management system (ISMS), ISO/IEC 27032:2012 – global cybersecurity standard, drawing out the unique aspects of that activity and its dependencies on other security domains, in particular: information security, network security, internet security, and critical information infrastructure protection. The two new standards ISO 27017 and 27018 refer to cloud security and privacy in the cloud, which is an important achievement for AIX since the entire infrastructure is in the cloud.
Valeriy Tsoy, AIX Chief Information Officer, said:
“Gaining ISO certifications means that clients, stakeholders, and investors, can have confidence that AIX is safe, reliable, and its management understands the need to maintain high standards of business processes. The certifications were issued after a rigorous audit and review by the Israeli Standards Institute, giving maximum assurance to stakeholders that their information is protected in the most comprehensive manner.”
As part of the certification process, regular follow-up audits will be conducted for the first two years to ensure the operational effectiveness of the system, and a recertification audit in the third year.