The Federal Law No. 187-FZ of 26.07.2017 "On security of critical information infrastructure of the Russian Federation" came into force on January 1, 2018. The Law determines mandatory requirements for subjects of critical information infrastructure to ensure information security.
Due to the relative newness of the law and the lack of law enforcement practice, many companies have difficulties in attributing or not attributing themselves to the subjects of critical information infrastructure, developing a list of objects of critical information infrastructure, performing work on objects categorization.
SATEL experts have successful experience in implementation of projects on protection of critical information infrastructure and are ready to provide the help to the clients in substantiation of assignment or not assignment of the company to subjects of critical information infrastructure, formation of the commission on categorization, gathering necessary initial data for categorization, the list of objects preparation, performance of categorization and preparation of data on results of assignment of object of critical information infrastructure.After FSTEC will approve sent data, SATEL experts are ready to execute a full complex of work on creation of information security systems (to develop the technical project, threat models, design and organizational documentation.
At present, compliance with the requirements of the Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" is one of the urgent tasks for Russian companies, regardless of their forms of ownership, in accordance with its provisions, any organization processing personal data of its employees, customers or counterparties is an operator of personal data and is obliged to provide the necessary organizational and technical measures to protect personal data.
Obviously, quite a long time has passed since the Federal Law came into force, and during this time many companies have already launched processes to build a security system to protect personal data. However, it is necessary to understand that an information security system is dynamic system and requires periodic review and actualization. Considering last updating in the legislation, maintenance of ISPDN in an actual condition can cause difficulties for Operators.
Besides, based on practice, the best result at carrying out of audit on conformity to requirements, is reached at the reference to the independent auditor.
SATEL provides services to implement the requirements of Federal Law № 152-FZ "On Personal Data" and its bylaws, which include a set of organizational and technical measures. Based on the audit results, the Customer will receive an independent assessment of compliance with the requirements of Russian legislation in the field of processing and protection of personal data in his company.
As part of this block of services, SATEL offers its customers a full range of works aimed at meeting the requirements of legislation in the field of processing and protection of personal data:
Information systems attestation is a complex of organizational and technical measures as a result of which conformity of security system to requirements is confirmed.
Unlike of FSTEC Order No. 17 of February 11, 2013, where this procedure is mandatory for state information systems, attestation of other systems is organized by the information owner or operator on a voluntary basis.
The complex of works on information systems attestation includes the following stages:
Using the accumulated experience and knowledge, SATEL specialists guarantee a high level of work on information systems attestation.