Document from CIS Legislation database © 2003-2022 SojuzPravoInform LLC

RESOLUTION OF BOARD OF NATIONAL BANK OF THE REPUBLIC OF KAZAKHSTAN

of March 27, 2018 No. 48

About approval of Requirements to ensuring information security of the banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of banking activities, Rules and terms of provision of information on incidents of information security including data on violations, failures in information systems

(as amended on 29-04-2022)

According to Item 7 of article 61-5 of the Law of the Republic of Kazakhstan of August 31, 1995 "About banks and banking activity in the Republic of Kazakhstan", the Board of National Bank of the Republic of Kazakhstan DECIDES:

1. Approve:

1) Requirements to ensuring information security of banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of banking activities according to appendix 1 to this resolution;

2) Rules and terms of provision of information on incidents of information security, including data on violations, failures in information systems, according to appendix 2 to this resolution.

2. Declare invalid the resolution of Board of National Bank of the Republic of Kazakhstan of March 31, 2001 No. 80 "About approval of Rules on safety of information systems of banks of the second level and the organizations performing separate types of banking activities" (registered in the Register of state registration of regulatory legal acts at No. 1517).

3. The management of information threats and cyberprotection (Perminov R. V.) shall, in the procedure established by the legislation of the Republic of Kazakhstan, ensure:

1) together with Legal department (Sarsenov N. V.) state registration of this resolution in the Ministry of Justice of the Republic of Kazakhstan;

2) within ten calendar days from the date of state registration of this resolution, sending a copy of it in paper and electronic form, in the Kazakh and Russian languages, to the Republican state company on the right of economic maintaining "The republican center of legal information" for official publication and inclusion in the Reference control bank of regulatory legal acts of the Republic of Kazakhstan;

3) placement of this resolution on official Internet resource of National Bank of the Republic of Kazakhstan after its official publication;

4) within ten working days after state registration of this resolution, submission to the Legal department of data on execution of the actions provided by subitems 2) and 3) of this Item and by Item 4 of this resolution.

4. The management on consumer protection of financial services and external communications (Terentyev A. L.) shall, within ten calendar days after state registration of this resolution, send a copy of it for official publication in periodical print publications.

5. Control of execution of this resolution is imposed on the vice-chairman of National Bank of the Republic of Kazakhstan Smolyakov O. A.

6. This resolution becomes effective upon expiry of ten calendar days after the day of its first official publication, except for subitem 1) of Item 1 and Item 2 of this resolution, which become effective from December 1, 2018.

Chairman of National Bank

D. Akishev

Appendix 1

to the Resolution of Board of National Bank of the Republic of Kazakhstan of March 27, 2018 No. 48

Requirements to ensuring information security of banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of banking activities

Chapter 1. General provisions

1. These Requirements to ensuring information security of banks, branches of nonresident banks of the Republic of Kazakhstan and the organizations performing separate types of bank transactions (further – Requirements) are developed according to Item 7 of article 61-5 of the Law of the Republic of Kazakhstan "About banks and banking activity in the Republic of Kazakhstan" and establish requirements to ensuring information security of banks, branches of nonresident banks of the Republic of Kazakhstan (further – bank) and the organizations performing separate types of banking activities (further – the organization).

2. In Requirements the concepts provided by the Law of the Republic of Kazakhstan "About informatization" and also the following concepts are used:

1) information security in the sphere of informatization (further – information security) – condition of security of electronic information resources, information systems and information and communication infrastructure from external and internal threats;

2) the regular data carrier – a data carrier which is a component of an object of information and communication infrastructure and is connected to it on a permanent basis;

3) data asset – set of information and the object of information and communication infrastructure used for its storage and (or) processing;

4) IT manager of information system / asset – the worker or division (workers or divisions) of the bank, the organization responsible for maintenance of the information system / asset in a condition conforming to the requirements of the business owner of the information system / asset;

5) the business owner of information system or subsystem – the division (worker) of the bank, the organization that is the owner of the main business process which is automated by the information system or subsystem;

6) information and communication infrastructure (further – information infrastructure) – set of the objects of information and communication infrastructure intended for ensuring functioning of the technological circle for the purpose of forming of electronic information resources and provision of access to them;

7) perimeter of protection of information and communication infrastructure – set of the software and hardware separating the information and communication infrastructure of the bank, the organization from external information networks and realizing protection against threats of information security;

8) threat of information security – set of the conditions and factors creating prerequisites to emergence of incident of information security;

9) risk of information security – probable emergence of damage owing to violation of confidentiality, deliberate violation of integrity or availability of data assets of bank, the organization;

10) ensuring information security – the process directed to maintenance of condition of confidentiality, integrity and availability of data assets of bank, organization;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.