In this decision NBRM prescribed the methodology for information security of the banks taking into consideration the processes for managing the security of the information system, business continuity, e-banking security standards etc.
In June 2008 NBRM brought Decision on amending the Decision on the bank's information system security ("Official Gazette of RM" No. 78/08). With this amendment NBRM prescribed that the IT suppliers of the banks (outsourcing companies) must be ISO 20000 IT Service Management certified.
"The outsourcing company* under paragraph 1 of this item shall obligatorily be certified in accordance with the international standard ISO/IEC 20000.
* Outsourcing company shall denote a company, which on the basis of a written agreement, provides services to the bank from the information system area for processing bank and financial activities.“ (based on the decision from 2008)”
In the beginning of 2009 NBRM brought another Decision on amending and consolidating the Decision on the bank's information system security ("Official Gazette of the Republic of Macedonia" No. 31/2009) in which there are clarifications for which IT providers of the banks are included in the category of companies that should be ISO 20000 certified.
„Information system services undertaking of a bank according to this Decision, shall denote:
a) ancillary services undertaking of a bank whose prevailing activity is managing and maintaining a data processing system, and which, on the basis of a written agreement processes and stores bank's data during the conduct of banking and financial activities; and/or
b) outsourcing, which, on the basis of a written agreement processes and stores bank's data during the conduct of banking and financial activities."
These NBRM’s decisions made ISO 20000 very relevant topic in Macedonia, especially among IT companies.
The card processing center CaSys first demonstrated alignment to the NBRM’s requirements or more precisely the requirements of their clients, through successful certification of IT Service Management System based on ISO 20000:2005. With this CaSys became the first company in Macedonia and the region to be ISO 20000 certified. This news was published by Kapital, Makfax etc.