Creation of protection system and assessing the security of ISPD
Services related to security audit of personal data processing systems, creation of personal data protection systems, and providing reports on compliance
We help to make the clients’ information system of personal data (ISPD) compliant with the requirements of the Russian Federal Law on Personal Data No. 152-FZ.
We provide the following services:
- Audit and creation of the personal data protection system
- Independent assessment of ISPD security in accordance with the requirements of the Federal Law on Personal Data No. 152-FZ
- Annual control of information systems security
Creation of personal data protection system and security assessment according to FSTEK Order 21
To bring information systems of personal data (ISPD) in accordance with the requirements of 152-FZ we conduct an audit of the PD processing, design a security system, provide a certified virtual infrastructure, develop a methodology and assess the security, prepare documents.
ISPD audit
- Determining the list and categories of personal data, the criteria for classification, the basis for processing;
- Analysis of the technology and methods of personal data processing;
- Determining the groups and the list of persons approved for processing;
- Analysis of organizational and technical security measures.
Creation of an information protection system
- Development of threat models;
- Designing the protection system;
- Delivery and implementation of information protection tools;
- Security assessment.
Statement of compliance
The result of a positive assessment of security is a statement of compliance of the information system of personal data to the following requirements:
- Federal Law on Personal Data No. 152-FZ
- Government Decree № 1119 from 01.11.2012
- Decree of the Federal Service for Technical and Export Control №21 from 18.02.2013
The assessment may also result in recommendations to resolve the complaints and bring the processes of personal data processing in compliance with the requirements.
Request a sample Security Assessment Report from our managers at sales@cloud4y.ru
ISPD in the protected cloud according to the Federal Law on Personal Data No. 152-FZ
As part of a comprehensive service, we provide IaaS-infrastructure, certified УЗ-1, К1, to host PD of 1-4 levels of security.
Go to FZ-152 Cloud
The benefits of a complete solution
Assessment of compliance with the requirements of 152-FZ
The service involves the independent organization of the system of personal data protection, which requires only an expert evaluation of security in accordance with the № 21 order of the Federal Service for Technical and Export Control from the licensee. During the evaluation, we also consult on all issues related to the 152-FZ.
We offer special prices for information systems hosted in Cloud4Y Federal law 152-FZ cloud
Conformity assessment
- Defining the list and categories of personal data, the criteria for classification, the basis for processing;
- Analysis of the technical means and methods of personal data processing;
- Determining the groups and the list of persons approved for processing;
- The analysis of organizational and technical measures to ensure security.
- Development and approval of the program and methods of compliance assessment;
- Security assessment.
Statement of compliance
The result of a positive assessment of security is a statement of compliance of the information system of personal data to the following requirements:
- Federal Law on Personal Data No. 152-FZ
- Government Decree № 1119 from 01.11.2012
- Decree of the Federal Service for Technical and Export Control №21 from 18.02.2013.
The assessment may also result in recommendations to resolve the complaints and bring the processes of personal data processing in compliance with the requirements.
Request a sample Security Assessment Report from our managers at sales@cloud4y.ru
Information systems security control
FSTEC Order № 21 obliges operators of personal data to perform annual security control
The service can be provided at special prices for information systems hosted in Cloud4Y cloud.
The list of works performed to control the protection of ISPD
- Vulnerability analysis of information systems using automated scanners and vulnerability databases;
- Control over serviceability and proper functioning of information protection tools;
- Control over functional capability and proper functioning of information protection means;
- Analysis of compliance with legal requirements to the protection of personal data;
- Recommendations on the elimination of detected vulnerabilities and bringing the protection system in compliance with personal data protection requirements.
The assessment may also result in recommendations to resolve the complaints and bringing the processes the personal data processing in compliance with the requirements.
Request a sample Security Assessment Report from our managers at sales@cloud4y.ru
FAQ
Answers to questions can be found in the knowledge base. If you do not find an answer to a question - post it our consultants online using online chat or send an inquiry using the support ticket system.