Flexibility and tailored approach let us account for any and all specific requirements and business specifics of each individual entity in order to select an efficient enterprise data protection strategy.

Our specialists have extensive experience in certification and will help you create a data protection system depending on your business specifics.

The Federal Law No. 187-FZ of 26.07.2017 "On security of critical information infrastructure of the Russian Federation" came into force on January 1, 2018. The Law determines mandatory requirements for subjects of critical information infrastructure to ensure information security.

Due to the relative newness of the law and the lack of law enforcement practice, many companies have difficulties in attributing or not attributing themselves to the subjects of critical information infrastructure, developing a list of objects of critical information infrastructure, performing work on objects categorization.

SATEL experts have successful experience in implementation of projects on protection of critical information infrastructure and are ready to provide the help to the clients in substantiation of assignment or not assignment of the company to subjects of critical information infrastructure, formation of the commission on categorization, gathering necessary initial data for categorization, the list of objects preparation, performance of categorization and preparation of data on results of assignment of object of critical information infrastructure.

After FSTEC will approve sent data, SATEL experts are ready to execute a full complex of work on creation of information security systems (to develop the technical project, threat models, design and organizational documentation.

At present, APCS development and upgrades lead to even deeper integration with other enterprise management systems, making APCS network data security as important as physical enterprise security issues. Any change in integrity or availability of APCS-processed data might lead to a technological process violation, which in turn might cause financial losses to an entity, environmental damage and fatalities.
Availability of highly skilled specialists with in-depth knowledge of customer industry and specifics of industrial system IT security projects gives us capability to implement projects of various scale and complexity levels.

At present, compliance with the requirements of the Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" is one of the urgent tasks for Russian companies, regardless of their forms of ownership, in accordance with its provisions, any organization processing personal data of its employees, customers or counterparties is an operator of personal data and is obliged to provide the necessary organizational and technical measures to protect personal data.

Obviously, quite a long time has passed since the Federal Law came into force, and during this time many companies have already launched processes to build a security system to protect personal data. However, it is necessary to understand that an information security system is dynamic system and requires periodic review and actualization. Considering last updating in the legislation, maintenance of ISPDN in an actual condition can cause difficulties for Operators.

Besides, based on practice, the best result at carrying out of audit on conformity to requirements, is reached at the reference to the independent auditor.

SATEL provides services to implement the requirements of Federal Law № 152-FZ "On Personal Data" and its bylaws, which include a set of organizational and technical measures. Based on the audit results, the Customer will receive an independent assessment of compliance with the requirements of Russian legislation in the field of processing and protection of personal data in his company.

As part of this block of services, SATEL offers its customers a full range of works aimed at meeting the requirements of legislation in the field of processing and protection of personal data:

1. Comprehensive audit of compliance with the requirements of Federal Law № 152-FZ.
2. Threat modeling of and determination of security levels for all identified ISPDNs.
3. Development of a complete set of organizational and administrative documentation that regulates the procedures for processing and protection of personal data.
4. Development of solutions to create an information security system.
   

The received result will allow to reveal existing defects and to eliminate them. Especially actual this type of service is on the threshold of inspection by Roskomnadzor.

Requirements stated in the FSTEC Order No. 17 of February 11, 2013 "On the statement of Requirements on protection of the information which is not making the state secret, containing in the state information systems" are obligatory at processing of the information in the state information systems functioning in territory of the Russian Federation, all operators of the state information systems must execute the specified requirements to the organization and information security measures.

Building an information security system for a state information system is a task that an operator cannot always solve on his own.

SATEL specialists are ready to execute the full list of measures on fulfillment of requirements in accordance with FSTEC Order No.17:

• formation of security requirements;
• development of an information security system;
• implementation of an information security system;
• information system attestation and its enforcement;
• ensuring security level during the information system operation;
• ensuring security level during the decommissioning of the information system.

At each stage our employees will provide professional help in the decision of the problems regarding information security. The saved-up experience and expertise gives us the right to guarantee the highly skilled approach in construction of the secured state information systems.

In connection with industry regulation, credit and financial organizations need to implement a large-scale complex of organizational and technical measures on information security. The key measures are:

• Assessment of compliance with information security requirements for money transfers.
• Protection of biometric personal data during processing and interaction with the Unified Biometric System.
• Penetration testing and analysis of information security vulnerabilities of information infrastructure objects.
• FSTEC certification for compliance with information security requirements, including requirements for vulnerability analysis and control over the absence of undeclared capabilities, application software for automated systems and applications.
• Survey and determination of a category of significance of objects of critical information infrastructure or absence of necessity to assign them one of such categories and formation of requirements to the security system of significant objects of critical information infrastructure of the Russian Federation.

Besides complexity of works performance, in view of large volumes of requirements and ambiguity of their interpretation, even in narrow specialized profile circles, the Bank of Russia has fixed, in the normative acts issued by it, the requirement, on obligatory attraction to an estimation of security requirements realization of the external organizations having corresponding FSTEC licenses.

SATEL has all necessary licenses to perform the above-mentioned works and has considerable experience in performing security works both in the interests of the Bank of Russia and other banks and financial organizations.

The accumulated experience and competence allow us to assert the high quality of the offered services and readiness in cooperation within the framework of works execution, thus the Customer receives:

• an objective assessment of compliance with legislative and industry information security requirements;
• managed and controlled information security management system;
• setting of priorities in the field of information security;
• achievement of "transparency" in the security of information systems management of the credit and financial organization;
• improvement of the current security level;
• achievement of adequacy of information security system counteraction to the existing risks.

Information security tools, produced by SATEL,are compliant with the current FSTEC of Russia regulation for firewalls, making them available for confidential information protection.

Production of certified data protection tools lets Customers:

• Order unlimited certified equipment items without going through new application procedure with FSTEC of Russia and performance of the full certification testing cycle.
• Receive support for certified equipment during certificate validity period (software updates, patches, use advice).
• Certificate extension opportunity.

Information systems attestation is a complex of organizational and technical measures as a result of which conformity of security system to requirements is confirmed.

Unlike of FSTEC Order No. 17 of February 11, 2013, where this procedure is mandatory for state information systems, attestation of other systems is organized by the information owner or operator on a voluntary basis.

The complex of works on information systems attestation includes the following stages:

• submission and consideration of an application for information system attestation;
• inspection of the object in order to assess compliance with the requirements of regulatory documents;
• development of the program and methods of certification tests;
• carrying out certification tests of the information system.

Using the accumulated experience and knowledge, SATEL specialists guarantee a high level of work on information systems attestation.

The Concept of Government System for computer attack identification, prevention and recovery (GosSOPKA) was introduced by the President of the RF in 2013.

GosSOPKA’ s primary purpose is control over protection of IT resources from computer attacks and also control over recovery of normal operations of such resources following computer incidents, caused by computer attacks.

SATEL specialists with hands-on GosSOPKA interaction experience are prepared to provide regulations and guidance documentation development services, technology solution development and interaction of security tools with GosSOPKA segment technical tools.