Approved by Board of the Central bank of the Republic of Uzbekistan of June 23, 2001 No. 492

The instruction about the organization of protection of electronic information in banks of the Republic of Uzbekistan

This Instruction is developed on the basis of the item 7, of 36, of 51 Law "About the Central Bank" and item 38 of the Law "About Banks and Banking Activity", "Regulations on Conducting Calculations between Banks of the Republic of Uzbekistan for Electronic Payment System", approved by the Ministry of Justice N 1010 of February 19, 2001.

1. General rules

1. Methodical instructions establish the main directions and procedure for implementation of information security in bank system.

2. These methodical instructions are obligatory for all organizations of banks in the part concerning implementation of means of information protection in bank system under the organization of document handling by the computer aids (CA).

3. This methodical instruction for measure of implementation of means of information protection in bank system can be specified and supplemented.

2. Access to transfer (acceptance) of information

4. In organizations of banks the following persons have access to the accepted and transmitted data on the electronic payment system (EPS):

a) the operator having information access;

b) the chief accountant (the deputy chief accountant, in the absence of the chief accountant).

5. Persons occupied with operation and servicing of SVT and also users are allowed to work only after studying and examination by them of this Instruction, maintenance instructions of technical means, and also other documents concerning providing the mode of information security.

3. Ensuring protection of trade secret against leakage and unauthorized access when using SVT for processing of bank information.

6. SVT are placed in the rooms separate soundproofed, protected from strangers, reliably protected. These rooms shall meet the following requirements:

a) main walls and reliable overlappings;

b) the strong doors equipped with shifrozamka or other locks;

c) remedies of windows from possible penetration through them into the room, and also the curtains at windows protecting from visual observation and, if necessary, the alarm system connected with division of protection;

d) meet the requirements of fire safety.

7. In rooms where SVT are established, installation and operation of radio receiving stations, the electric clock and other weak-current equipment which is not protected as appropriate from information leakage is not recommended. In those rooms where the most valuable and important confidential information can be processed, installation of generators of zashumleniye is reasonable.

8. Rooms in which SVT are placed shall be located taking into account necessary isolation of certain technological sites and reliable information security. Access to them is allowed to persons provided by the item 4, and in need of access for other persons it is performed only with the permission of the corresponding head. In each room only those persons who have the right of entrance to it shall work.

9. Each room shall be equipped with metal cases or safes for storage of external magnetic carriers with confidential data, the applied and other software.

10. It is necessary for heads under whose authority SVT are together with the corresponding specialists and legal services:

a) determine the list of the data which are bank secrecy of the relevant bank or its division;

b) draft the standard "Agreement obligation on preserving trade secret and other office information" for signing by his each employee possessing the specified information for possibility, in case of need, applications of regulations of the civil legislation on compensation of the caused damage;

c) according to recommendations to develop and perform actions for providing the mode of protection in case of data collection and processing, and also on non-admission of the unauthorized access consisting in obtaining from SVT by users, service personnel or strangers, information to which they have no right of access;

d) take measures to prevention of leakage of confidential information from SVT, disclosure of these data, loss or plunders of machine data carriers, to elimination of collateral radiations and aimings;

e) take measures for exception of cases of spoil of valuable information in SVT as a result of inadvertent or deliberate change, misstatement or its destruction by workers, and also as a result of defects of technical means or errors of the software of SVT;

e) appoint the orders system administrators or responsible persons from the most trained staff of this or that division of bank for ensuring qualified and competent operation of SVT, observance of requirements and recommendations about use of application software and options of configuration of the corresponding categories SVT;

g) for the purpose of protection of SVT against "the virus attacks" to stop unauthorized unauthorized change of configuration of computers and installation not last expert evaluation of Department of safety and information security of the Central bank of the Republic of Uzbekistan and software products, including various computer games, etc. recommended for use;

h) exercise control of observance of established procedure of differentiation of access to confidential information, and also of movement and safety of all documents arriving on processing of SVT;

i) to systematically carry out work on increase in professional qualification of employees;

j) develop and perform check actions for ensuring reliable protection of rooms in which SVT are placed.

11. The persons operating and serving SVT shall:

a) to know well and to strictly fulfill the established requirements for providing the mode of information security when using SVT;

b) observe established procedure of accounting of the works which are carried out on SVT, including data preparation, their input, processing and issue of results of processing, carrying out maintenance and repair works;

c) provide reliable storage of machine data carriers and machine documents;

d) observe the set mode of differentiation of information access, being bank secrecy;

e) about all facts of attempts of unauthorized access, leakage or spoil of information to immediately inform the corresponding persons (the head of bank and the Central bank) and to take measures for localization of damage which can be caused as a result of these incidents.

11-1. Transfer of the data which are the state secret through banking telecommunication network is strictly forbidden.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info