Our solutions

OUR SOLUTIONS

Developer and provider of modern communications solutions

IT security

Implementation of comprehensive information protection solutions is one of our top priorities. We have extensive experience and will help in improving protection of business processes against IT security threats and provide compliance with IT security requirements of regulators. SATEL has all the required IT security licenses (including state secrets) and provides the full range of IT security services – from existing system audit to development and support to integrated solutions.

IT SECURITY AUDIT

IT security audit is a most important phase in building a reliable IT security system in any company.

IT security system audit enables current status evaluation and plan next steps to improve security level.

Current status audit may discover vulnerabilities in an enterprise IT system and related risks, deliver external compliance and best IT practices assessment.

Upon results of comprehensive system audit or under dedicated processes, we will present visualized information on IT security status, identify information assets to be protected and also develop recommendations for improvement of IT security system status.

SATEL team will assist in building operational coordination of your corporate employees, allocating tasks and logging activities for improvement of IT security system.

Flexibility and tailored approach let us account for any and all specific requirements and business specifics of each individual entity in order to select an efficient enterprise data protection strategy.

SECURITY EQUIPMENT COMPLIANCE ASSESSMENT

Security equipment compliance assessment is a set of organizational and technological activities to confirm security equipment compliance, such activities enable prevention of data leaks via technological channels, unauthorized access protection and protection from any special data and data storage medium attacks.

Following functional assessment, a data protection system is tested to find out if security functions meet vendor specifications and if the system has a required level of confidence for protection mechanisms, their efficiency and coordinated performance capability. System confidence is tested by reviewing development practices, documentation, setting management and mechanism testing.

Assessment results could be certified by a document, confirming compliance with relevant data protection requirements.

Our specialists have extensive experience in certification and will help you create a data protection system depending on your business specifics.

INDUSTRIAL CONTROL SYSTEM (APCS) SECURITY

Automatic process control systems (APCS) are critical elements of business processes of many industrial enterprises, which makes protection of their safe operation an integral part of the process to provide overall corporate security.

At present, APCS development and upgrades lead to even deeper integration with other enterprise management systems, making APCS network data security as important as physical enterprise security issues. Any change in integrity or availability of APCS-processed data might lead to a technological process violation, which in turn might cause financial losses to an entity, environmental damage and fatalities.
Availability of highly skilled specialists with in-depth knowledge of customer industry and specifics of industrial system IT security projects gives us capability to implement projects of various scale and complexity levels.

Protection of personal data information systems (ISPDN)

At present, compliance with the requirements of the Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" is one of the urgent tasks for Russian companies, regardless of their forms of ownership, in accordance with its provisions, any organization processing personal data of its employees, customers or counterparties is an operator of personal data and is obliged to provide the necessary organizational and technical measures to protect personal data.

Obviously, quite a long time has passed since the Federal Law came into force, and during this time many companies have already launched processes to build a security system to protect personal data. However, it is necessary to understand that an information security system is dynamic system and requires periodic review and actualization. Considering last updating in the legislation, maintenance of ISPDN in an actual condition can cause difficulties for Operators.

Besides, based on practice, the best result at carrying out of audit on conformity to requirements, is reached at the reference to the independent auditor.

SATEL provides services to implement the requirements of Federal Law № 152-FZ "On Personal Data" and its bylaws, which include a set of organizational and technical measures. Based on the audit results, the Customer will receive an independent assessment of compliance with the requirements of Russian legislation in the field of processing and protection of personal data in his company.

As part of this block of services, SATEL offers its customers a full range of works aimed at meeting the requirements of legislation in the field of processing and protection of personal data:

Comprehensive audit of compliance with the requirements of Federal Law № 152-FZ.
Threat modeling of and determination of security levels for all identified ISPDNs.
Development of a complete set of organizational and administrative documentation that regulates the procedures for processing and protection of personal data.
Development of solutions to create an information security system.

The received result will allow to reveal existing defects and to eliminate them. Especially actual this type of service is on the threshold of inspection by Roskomnadzor.

Protection of information of money transfers

In connection with industry regulation, credit and financial organizations need to implement a large-scale complex of organizational and technical measures on information security. The key measures are:

Assessment of compliance with information security requirements for money transfers.
Protection of biometric personal data during processing and interaction with the Unified Biometric System.
Penetration testing and analysis of information security vulnerabilities of information infrastructure objects.
FSTEC certification for compliance with information security requirements, including requirements for vulnerability analysis and control over the absence of undeclared capabilities, application software for automated systems and applications.
Survey and determination of a category of significance of objects of critical information infrastructure or absence of necessity to assign them one of such categories and formation of requirements to the security system of significant objects of critical information infrastructure of the Russian Federation.

Besides complexity of works performance, in view of large volumes of requirements and ambiguity of their interpretation, even in narrow specialized profile circles, the Bank of Russia has fixed, in the normative acts issued by it, the requirement, on obligatory attraction to an estimation of security requirements realization of the external organizations having corresponding FSTEC licenses.

SATEL has all necessary licenses to perform the above-mentioned works and has considerable experience in performing security works both in the interests of the Bank of Russia and other banks and financial organizations.

The accumulated experience and competence allow us to assert the high quality of the offered services and readiness in cooperation within the framework of works execution, thus the Customer receives:

an objective assessment of compliance with legislative and industry information security requirements;
managed and controlled information security management system;
setting of priorities in the field of information security;
achievement of "transparency" in the security of information systems management of the credit and financial organization;
improvement of the current security level;
achievement of adequacy of information security system counteraction to the existing risks.

CERTIFIED PRODUCTION OF INFORMATION SECURITY TOOLS

Information security tools, produced by SATEL,are compliant with the current FSTEC of Russia regulation for firewalls, making them available for confidential information protection.

Production of certified data protection tools lets Customers:

Order unlimited certified equipment items without going through new application procedure with FSTEC of Russia and performance of the full certification testing cycle.
Receive support for certified equipment during certificate validity period (software updates, patches, use advice).
Certificate extension opportunity.

Information systems attestation

Information systems attestation is a complex of organizational and technical measures as a result of which conformity of security system to requirements is confirmed.

Unlike of FSTEC Order No. 17 of February 11, 2013, where this procedure is mandatory for state information systems, attestation of other systems is organized by the information owner or operator on a voluntary basis.

The complex of works on information systems attestation includes the following stages:

submission and consideration of an application for information system attestation;
inspection of the object in order to assess compliance with the requirements of regulatory documents;
development of the program and methods of certification tests;
carrying out certification tests of the information system.

Using the accumulated experience and knowledge, SATEL specialists guarantee a high level of work on information systems attestation.