according to ISO/IEC 27001:2013 and ISO/IEC 20000-1:2011
Brno Public Transport Authority (Dopravní podnik města Brna - DPMB) was awarded an ISO/IEC 27001:2013 certificate for its information security management system in December 2015. It thus became the first transport authority in the country to be awarded this certificate. Adhering to the principles of the ISO/IEC 27001:2013 standard guarantees that information at DPMB is handled in line with pre-defined rules and that the personal data of our passengers is completely safe. This means the data held in information systems and on paper. In practice, this means that a security issue is not dealt with at the moment it arises, but that DPMB does its utmost to ensure that there is no leakage of information in the first place.
The problem-free progress of the certification audit, culminating in the award of a certificate, was nonetheless extremely demanding at DPMB given the conditions in which it works, meaning a large number of employees and an extensive computer network that takes in up to 700 computers. The process of introducing the system took almost four months. What is more, DPMB chose one of the most prestigious, and therefore most demanding international certification authorities, LRQA (Lloyd's Register Quality Assurance), which is best known in the aviation and motor industries.
Together with certification according to ISO/IEC 27001:2013 – Information security management system, DPMB also applied for, and was awarded, a certificate according to ISO/IEC 20000-1:2011 standard - IT service management system. Properly functioning IT is one of the guarantees of the proper functioning and secure handling of data, especially at a time when most information is administered electronically.
Given the huge amount of information which a company as large as DPMB processes, including the personal data of its employees, and the huge quantity of data relating to the safe operation of local public transport, the award of these certificates is a fine indicator of the fact that the company functions well in these areas. DPMB is now one of the number of large, well-known companies that have in place management systems which comply with the ISO standards specified above.
Both certificates are valid for three years. The transport authority will then have to prove once again its entitlement to hold them.