Information security documents
Confidential Information Laws
Federal Law "On the Protection of Personal Data"
Federal Law "On the Protection of Personal Data". This law, in particular, defines the requirements for personal data information systems and regulates the organizational and technical measures necessary to protect personal data from unauthorized or accidental access.
Federal Law "On Commercial Secrets"
Federal law on trade secrets. This law regulates relations related to the classification of information as a trade secret, the transfer of such information, and the protection of its confidentiality.
Law "On Archives"
Federal Law "On Archives". This law regulates relations in the field of organizing storage, acquisition, accounting and use of documents from the Archival Fund of the Russian Federation and other archival documents, regardless of their form of ownership.
Bank of Russia standard
"Ensuring information security of organizations in the banking system of the Russian Federation. General provisions". This document, in particular, regulates the procedure for working with confidential information within the bank.
Basel II Agreement
"International convergence of capital measurement and capital standards: new approaches." All banks in Europe, as well as the largest banks in the United States, must have archives of electronic correspondence with the possibility of analytical sampling and a guarantee of the authenticity of the stored messages.
The Health Insurance Portability and Accountability Act of 1996 states that: "All medical, insurance and financial organizations dealing with sensitive health information must keep all their electronic records for at least 6 years."
Sarbanes-Oxley Act of 2002, §802 - All public companies listed on the US stock market are required to collect, archive, and store corporate electronic correspondence for a minimum of seven years.
U.S. Securities Commission Rule 17a-4
SEC Rule 17a-4. All publicly traded financial companies that are listed on the US stock market must store customer correspondence in a separate database.
Federal Law "On Communications"
This Federal Law establishes the legal basis for activities in the field of communications on the territory of the Russian Federation and in the territories under the jurisdiction of the Russian Federation, determines the powers of state authorities in the field of communications, as well as the rights and obligations of persons participating in these activities or using communications services.
Information security doctrine
This document is a set of official views on the goals, objectives, principles and main directions of ensuring information security in the Russian Federation. The doctrine serves as the basis for:
- formation of state policy in the field of ensuring the IS of the Russian Federation;
- preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of the IS RF;
- development of target software for IS RF.
The doctrine of the RF IS was approved by the President of Russia V.V. Putin on 9.09.2000. The new version of the doctrine was adopted in December 2016.
Federal Law "On Information, Information Technologies and Information Protection"
The Law "On Information, Information Technologies and Information Protection" defines and enshrines the rights to information protection and information security of citizens and organizations in computers and information systems, as well as issues of information security of citizens, organizations, society and the state. The law provides a legal definition of the concept of "information": "information - information (messages, data), regardless of the form of their presentation."
Federal Law "On Countering the Unlawful Use of Insider Information"
Federal Law No. 224-FZ, new for the Russian legal field, defines which information counts as insider information, designates the list of persons regarded as insiders, and defines the actions that constitute market manipulation. It also establishes measures to counter the misuse of insider information and market manipulation, a list of prohibited ways to use insider information, and the obligation and procedure for its disclosure.
The requirements of the law apply, among others, to banks. For automated control over confidential information, banks' IS services use DLP systems.
Federal Law "On Banks and Banking Activities"
The security of information classified as banking secrecy is ensured in accordance with Article 26 of the Federal Law "On Banks and Banking Activities".
Federal Law "On Electronic Signature"
The Law of the Russian Federation of April 6, 2011 No. 63-FZ "On Electronic Signatures" prescribes the conditions for the use of electronic signatures, especially their use in public administration and in corporate information systems. Thanks to the electronic signature, many Russian companies now, in particular, carry out their trade and procurement activities on the Internet through "Systems of electronic commerce", exchanging the necessary documents with contractors in electronic form, signed with an electronic signature. This greatly simplifies and speeds up the conduct of competitive trading procedures.