A sample of the internal document - the plan and guidelines smev for those who work in state or municipal sphere, it is useful to the Director and the Chief of the Department of automation, system administrators, security administrators, HR specialist.
Available disclosed questions: SMEV setup diagram personal data protection system, certification FSTEC, personal data protection, software licensing with registration requirements FSTEC.
The plan: to bring the information system in compliance with the legislation of the Russian Federation in the sphere of information security and personal data. With notes and explanations.
For those who need to know about:
How To Get Passport FSTEC
Instructions SMEV help and other organizations, where processing of personal data, and to whom you want to start the implementation of laws:
152-FZ On Personal Data,
149-FZ On Information, Information Technologies and Protection of Information,
210-FZ On the organization of public and municipal services.
Start to prepare the organization to connect the system of interagency electronic interaction - SMEV and RSMEV (formerly SIR - system of execution of regulations in certain regions)
Where to start to build the information system of personal data - ISPDn
In which case, you need security certificates FSTEC
In which case the necessary sticker SPZ - special protective sign
How to keep intellectual and copyright
How to choose a certification scheme of protection of information - GIS
What types of licenses to choose the server operating system
What types of licenses to select a database management system - database
The main functions of Roskomnadzor, FSTEC and the FSB on the protection of personal data
Stages of construction of the system of protection of personal data - personal data protection system
Important stages and results of building personal data protection system
What methodologies define the functions of the system administrator and the administrator of information security
System requirements for public services in electronic form using digital signature - EDS for its legitimacy
Priority actions for the modernization of the information system - an example
Strategic direction of development of the information system of the modern organization
What documents are needed for the organization of the right to personal data processing - PD
Excerpt: Special requirements and recommendations for technical protection of confidential information needed for state and municipal institutions - PAGE K - reference list of documents necessary for the organization to handle the PD
Review summarizes these issues from disparate data into a single concise document guiding the character, in fact, is the main reference point for the construction of PDIS.
Note: The document should be regarded as a model or basis, but was written for a real municipal institutions.
No feedback yet