FSTEC license for technical protection of confidential information
Activity in the technical protection of confidential information is intended to protect state and commercial secrets from leaks and illegal distribution. In the current situation, when software has undeclared capabilities and foreign-made equipment has technical bugs, protection activity requires a high level of competence, which is why it is licensed. Both a company and an individual entrepreneur can obtain permission, provided that they meet the requirements.
FSTEC powers in the field of licensing
The Federal Service licenses activities for the technical protection of confidential information and for the development of technical means of data protection, their installation and assembly. In its work, the department relies on a number of methodologies that incorporate modern international data protection standards.
The Service's activities aimed at ensuring data protection through its work with permits include the following functions:
- issuance of permits (in regional divisions and the MFC);
- re-registration of documents, for example, in connection with a change in the name of the company;
- suspension of a license if its owner has materially violated the requirements (applied as a form of administrative punishment);
- termination or revocation of the license;
- control over the quality of compliance with the requirements for permit holders;
- maintaining a register of licenses and providing interested parties with extracts from it.
Many market participants believe that it is impossible to obtain an FSTEC license without the help of consultants. The Service, within its competence, has issued clarifications on the desirability of preparing documents independently and on its readiness to provide methodological support in doing so. The FSTEC explanation also made clear that no one can guarantee that permission to develop technical means of information protection will be obtained.
Conditions for obtaining a license
An organization must incur significant costs to enter the information security development market. The regulation on the issuance of licenses contains the requirements that a company must meet in order to become a full-fledged participant in the market for technical information protection. Compliance with such requirements is proved by the provision of a package of documents, in the preparation of which FSTEC can assist.
Developing means of protecting confidential information requires highly qualified specialists. They must have a higher or secondary professional education in the development of information security tools, preferably according to FSTEC accredited programs. If necessary, the department can provide professional retraining.
The second requirement is the availability of premises, protected in accordance with the regulations of the department, in which activities for the development of technical means can be carried out. The premises must be certified; the certificates are attached to the application for a license.
In addition, the company must hold, on the basis of ownership or lease, production, testing, and control and measuring equipment that has passed metrological verification.
The automated systems that protect information related to the company's activities must run software that has passed certification and attestation as a data protection tool recognized by the department. The software used in the information system must be licensed, and the company must be ready to present an agreement with the copyright holder.
An important requirement is the availability of regulations and internal documents that govern the activities of personnel in the development of protective equipment. These documents should regulate the delimitation of access to data and the safety of information carriers, and should define the person responsible for ensuring information security and the privacy protection policy.
License issuance procedure
The process of issuing a permit is a public service. Its time limits and the grounds for refusing or suspending consideration of an application are strictly regulated.
List of documents that are attached to the application:
- certificates, attestations, certificates of ownership, confirming the compliance of the company's activities with the requirements of the department;
- constituent documents of the company;
- confirmation of payment of state duty.
Before sending an application, you can consult a specialist of the department, who will resolve issues related to the collection or execution of documents. The submitted package is registered and assigned an incoming number, by which the progress of the application can be tracked. Within three days after its receipt, a responsible executor is appointed to decide on the application. The executor is given five days to check the completeness of the package of documents and to ask clarifying questions.
The completeness of the data is checked in terms of the availability of all the required documents and the correctness of their execution. To check the accuracy, the specialist requests information from all departments and institutions that issued the submitted documents. If deficiencies are identified, within 15 days from the end of the check, an order is sent to the company with a request to eliminate them. In total, 45 days are allotted for the consideration of the submitted package, after which the department makes a decision to issue a license or to refuse to grant it. After a positive decision is made, the draft order on the issuance of a license undergoes a legal examination; upon its completion, an order is issued and the data on the new license is entered into the register.
Companies do not always cope with the tasks assigned to them, and in critical cases, the license is terminated, either temporarily or permanently. FSTEC strictly monitors compliance with licensing requirements, regularly conducting inspections. Both revocation and suspension of a license can be challenged in court if there are sufficient grounds.