of June 13, 2018 No. 263
About approval of Rules of carrying out audit of information systems
In accordance with subitem 22) of article 7 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization", I ORDER:
1. Approve the enclosed Rules of carrying out audit of information systems.
2. Declare invalid the order of the acting Minister for Investments and Development of the Republic of Kazakhstan of January 28, 2016 No. 134 "About approval of Rules of carrying out audit of information systems" (registered in the Register of state registration of regulatory legal acts under No. 13258, published on March 10, 2016 in the legal information system "Adilet").
3. The Department of Informatization of the Ministry of Information and Communications of the Republic of Kazakhstan shall ensure, in the procedure established by legislation:
1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;
2) within ten calendar days from the date of state registration of this order, its submission to the Republican state company on the right of economic management "The republican center of legal information" for official publication and inclusion in the Reference control bank of regulatory legal acts of the Republic of Kazakhstan;
3) placement of this order on the Internet resource of the Ministry of Information and Communications of the Republic of Kazakhstan;
4) within ten working days after state registration of this order, submission to the Legal Department of the Ministry of Information and Communications of the Republic of Kazakhstan of information on the execution of the actions provided for by subitems 1), 2) and 3) of this item.
4. Control over the execution of this order is assigned to the supervising vice-minister of information and communications of the Republic of Kazakhstan.
5. This order comes into force ten calendar days after the day of its first official publication.
Minister of information and communications of the Republic of Kazakhstan
D. Abayev
Approved: Minister of the defense and aerospace industry of the Republic of Kazakhstan, "__" _________ 2018
B. Atamkulov
Approved by the Order of the Minister of information and communications of the Republic of Kazakhstan of June 13, 2018 No. 263
1. These Rules of carrying out audit of information systems (hereinafter – the Rules) have been developed in accordance with subitem 22) of article 7 of the Law of the Republic of Kazakhstan of November 24, 2015 "About informatization" (hereinafter – the Law) and determine the procedure for carrying out audit of information systems.
2. In these rules the following concepts are used:
1) possessor of objects of informatization – a subject to whom the owner of objects of informatization has granted the rights of possession and use of objects of informatization within the limits and in the procedure determined by law or agreement;
2) audit of information system – an independent inspection of an information system for the purpose of increasing the efficiency of its use;
3) information and communication infrastructure – the set of objects of information and communication infrastructure intended to ensure the functioning of the technological environment for the purpose of forming electronic information resources and providing access to them;
4) authorized body in the sphere of informatization (hereinafter – authorized body) – the central executive body performing management and cross-industry coordination in the sphere of informatization and "electronic government";
5) specifications and technical documentation – the set of documents determining the general tasks, principles and requirements for the creation and use (operation) of objects of informatization, as well as the control of their compliance with the established requirements in the sphere of informatization.
3. Audit of an information system is performed for the purpose of:
1) obtaining an assessment of the current state of the information system and of the actions and events taking place in it that determine the level of their compliance with technical regulations and standards in the sphere of informatization;
2) establishing the compliance of the specifications and technical documentation with the requirements of the customer, as well as with the requirements of information security.
4. The tasks of audit of information systems are:
1) assessment of conformity to the Single requirements in the field of information and communication technologies and ensuring information security, approved by the order of the Government of the Republic of Kazakhstan of December 20, 2016 No. 832 (hereinafter – single requirements);
2) analysis and assessment of the development of security policies and other organizational and administrative documents on the protection of information systems;
3) analysis of risks and security threats associated with the possibility of their realization against the resources of information systems;
4) assessment of the assignment of tasks to personnel concerning ensuring information security;
5) assessment of participation in the analysis of incidents connected with violation of information security;
6) localization of weak spots in the protection system of information systems;
7) determination of the extent of participation in training users and service personnel of information systems in matters of ensuring information security;
8) development of recommendations on implementing new security mechanisms for information systems and on increasing the efficiency of the existing ones;
9) assessment of conformity of the functions of the information system to its purposes and tasks;
10) assessment of conformity of the creation, implementation and operation of the information system to technical regulations and standards in the sphere of informatization;
11) assessment of the level of security of information systems, including application software and databases;
12) assessment of the state of the information and communication infrastructure, its technical condition and topology;
13) assessment of conformity of the specifications and technical documentation to the requirements of the legislation of the Republic of Kazakhstan in the sphere of informatization.
5. Audit of information systems is conducted at the stages of creation, implementation and operation of information systems at the initiative of the owner or possessor of information systems.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.