of July 30, 2018 No. 164
About approval of Requirements to the organization of the safe work ensuring safety and information security from unauthorized access to the data which are stored in the insurance (reinsurance) organization, and also cyber security of the insurance (reinsurance) organization
According to the Law of the Republic of Kazakhstan of December 18, 2000 "About insurance activity" the Board of National Bank of the Republic of Kazakhstan DECIDES:
2. To department of regulation of the non-bank financial organizations (Kosherbayeva A. M.) in the procedure established by the legislation of the Republic of Kazakhstan to provide:
1) together with Legal department (Sarsenov N. V.) state registration of this resolution in the Ministry of Justice of the Republic of Kazakhstan;
2) within ten calendar days from the date of state registration of this resolution the direction it the copy in paper and electronic type in the Kazakh and Russian languages in the Republican state company on the right of economic maintaining "The republican center of legal information" for official publication and inclusion in Reference control bank of regulatory legal acts of the Republic of Kazakhstan;
3) placement of this resolution on official Internet resource of National Bank of the Republic of Kazakhstan after its official publication;
4) within ten working days after state registration of this resolution submission to Legal department of data on execution of the actions provided by subitems 2), 3) of this Item and Item 3 of this resolution.
3. To management on consumer protection of financial services and external communications (Terentyev A. L.) provide within ten calendar days after state registration of this resolution the direction it to the copy on official publication in periodic printing editions.
4. To impose control of execution of this resolution on the vice-chairman of National Bank of the Republic of Kazakhstan Kurmanov Zh. B.
5. This resolution becomes effective since January 1, 2019 and is subject to official publication.
Chairman of National Bank
D. Akishev
Approved by the Resolution of Board of National Bank of the Republic of Kazakhstan of July 30, 2018 No. 164
1. These Requirements to the organization of the safe work ensuring safety and information security from unauthorized access to the data which are stored in the insurance (reinsurance) organization, and also cyber security of the insurance (reinsurance) organization (further - Requirements) are developed according to the Law of the Republic of Kazakhstan of December 18, 2000 "About insurance activity" and establish requirements to the organization of the safe work ensuring safety and information security from unauthorized access to the data which are stored in the insurance (reinsurance) organization, and also cyber security of the insurance (reinsurance) organization.
2. In Requirements the following concepts are used:
1) data asset - set of information and the object of information-communication infrastructure used for storage and (or) information processing;
2) objects of information-communication infrastructure - information systems of the insurance (reinsurance) organization, technological frameworks, the hardware and software, networks of telecommunications, and also systems of ensuring smooth functioning of technical means and information security;
3) information and communication infrastructure (further - information infrastructure) - set of the objects of information and communication infrastructure intended for ensuring functioning of the technological circle for the purpose of forming of electronic information resources and provision of access to them;
4) information security - condition of security of electronic information resources, information systems and information infrastructure from external and internal threats;
5) threat of information security - set of the conditions and factors creating prerequisites to emergence of incident of information security;
6) ensuring information security - the process directed to maintenance of condition of confidentiality, integrity and availability of data assets of the insurance (reinsurance) organization;
7) incident of information security - separately or serially arising failures in work of information infrastructure or its separate objects creating threat to their proper functioning and (or) conditions for illegal obtaining, copying, distribution, modification, destruction or blocking of electronic information resources of the insurance (reinsurance) organization;
8) data-processing center - specially allocated room in which the server and communication hardware of information infrastructure of the insurance (reinsurance) organization is placed;
9) access - possibility of use of data assets;
10) backup copy - the copy of data on the data carrier intended for recovery of data in the original or new place of their arrangement in case of need;
11) information system of the insurance (reinsurance) organization - information system in which data of the insurance (reinsurance) organization and its clients are stored and processed;
12) technological accounting record - the accounting record in information system intended for authentication between information systems;
13) authorized body - authorized body on regulation, control and supervision of the financial market and the financial organizations;
14) the attack - attempt of destruction, disclosure, change, restriction of access, theft, receipt of unauthorized access or unauthorized use of data asset.
3. The insurance (reinsurance) organization will organize the safe work ensuring safety and information security from unauthorized access to the data which are stored in the insurance (reinsurance) organization and also cyber security of the insurance (reinsurance) organization by creation of management system the information security (further - management system information security) which is part of general management system the insurance (reinsurance) organization intended for process control of ensuring information security.
4. The management system provides with information security protection of data assets of the insurance (reinsurance) organization.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.