The aim of this work is to solve problems concerning the bank information system of commercial banks, where a big emphasis is laid on the security of the information system. At the present time, not only bank specialists but also top experts in creation and implementation of bank softwares are engaged in the solution of these problems. The paper advances from empiric analyses of the information system security to general theoretical starting-points and theses. It focuses on the problems of data protection by minimalising and/or excluding the possibility of leakage of information and its subsequent misuse, as well as on information security, and defines the levels of security usable in building the information system. Also, it deals with assessing the bank information system through an external audit with the aim to analyse the regularity of operations and reliability of the information system in terms of the criteria required, and through an internal audit, which is an important security component of the information system.