Controls and regulatory support (FZ152, FZ187, commercial and state secrets)

Assignment

Information Security within the Scope of Company Activities

In modern business realities, failure to comply with IS rules leads to leakage of confidential information and damages the company's reputation in the market. The responsibility of compliance with IS within an organization is to protect any information within the scope of the company's activities.

Information Storage and Processing

The storage and processing of certain types of information are regulated by the legislation of the Russian Federation:

Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, which establishes the rules for the processing and security of personal data.
Federal Law No. 187-FZ "On the Security of Critical Information Infrastructure of the Russian Federation" dated July 26, 2017.
Federal Law No. 98-FZ "On Commercial Secrets" dated July 29, 2004.
Federal Law No. 5485-1 "On Official Secrets" dated July 21, 1993.

Audits

Audits are conducted to assess the security level of the company’s infrastructure and ensure compliance with Occupational Safety Standards. The following factors are taken into account:

Benefits of the Subsystem

Risk Reduction

Information security incidents have financial and reputational costs for the company. Conducting security level audits of the information infrastructure allows you to identify vulnerabilities, develop a plan to address them, and thus reduce the risks of information security incidents.