FREQUENTLY ASKED QUESTIONS

Question: What information should be provided to certify an information security system?

Answer:

LIST OF REFERENCE DATA SUBMITTED BY THE APPLICANT
TO CERTIFY AN INFORMATION SECURITY SYSTEM:
 
  • Full name of the information system and its purpose.
  • The list of information whose distribution and (or) provision is limited.
  • Organizational structure of an information system.
  • Rules of differentiation of access in the information system.
  • The model of an infringer of the access control rules of the information system.
  • The complex of technical means on which the protected information is processed.
  • The structure of the software used to process sensitive information, and the protocols of information exchange.
  • General functional scheme of the information system, including the scheme of information flows and the modes of processing protected information.
  • The presence and nature of interaction with other objects.
  • The composition and structure of information security systems.
  • Information about the developers of the information protection systems.
  • Availability of certificates of conformity or expert conclusions on information protection.
  • The existence and basic characteristics of the physical security of the information system (premises where protected data is processed and information carriers are stored).
  • The documents establishing the classification of the information system to a class of typical objects of informatization according to STB 34.101/30-2007.
  • Job security for the information system.
  • The design and operational documentation for information, and other data that affect information security.
  • Organizational and administrative documents regulating information security in the information system (extracts from documents), including:
  1. a document confirming that the organization has a department for technical protection of information or a specially appointed official responsible for implementing technical information protection measures;
  2. the instruction on protection of information in the information system;
  3. the instruction on the procedure for applying means of information protection in the information system;
  4. the program of acceptance tests of the information protection systems;
  5. the act and protocol of acceptance testing of the information security systems;
  6. the test protocols for the means of information protection;
  7. assessment of job security.