THE ORDER OF OPERATIONAL ANALYTICAL CENTER IN CASE OF THE PRESIDENT OF THE REPUBLIC OF BELARUS

of October 12, 2018 No. 151

About approval of the Regulations on safety of crucial objects of informatization

Based on Item 6 of the Regulations on reference of objects of informatization to crucial and safety of crucial objects of informatization, No. 486 approved by the Presidential decree of the Republic of Belarus of October 25, 2011 "About some measures for safety of crucial objects of informatization", PRIKAZYVAYU:

1. Approve the enclosed Regulations on safety of crucial objects of informatization.

2. Determine that reduction in compliance with this order of security systems of the crucial objects of informatization included in the State register of crucial objects of informatization before entry into force of this order is not required.

3. This order becomes effective since October 30, 2018.

Approved by the Order of Operational analytical center in case of the President of the Republic of Belarus of October 12, 2018 No. 151

Regulations on safety of crucial objects of informatization

1. In this Provision the procedure for organization of events on safety of crucial objects of informatization (further - KVOI), including actions for creation of security system of KVOI of legal, organizational and technical nature, monitoring of safety hazards of KVOI and response to such threats is established.

2. For the purposes of this provision terms and their determinations in the values determined by the Law of the Republic of Belarus of November 10, 2008 "About information, informatization and information protection" are applied (The national register of legal acts of the Republic of Belarus, 2008, No. 279, 2/1552), Regulations on reference of objects of informatization to crucial and safety of crucial objects of informatization, the approved Presidential decree of the Republic of Belarus of October 25, 2011 No. 486 "About some measures for safety of crucial objects of informatization" (The national register of legal acts of the Republic of Belarus, 2011, No. 121, 1/13026), the Provision about technical and cryptographic information protection in the Republic of Belarus, the approved Presidential decree of the Republic of Belarus of April 16, 2013 No. 196 "About some measures for information protection enhancement" (The national legal Internet portal of the Republic of Belarus, 18.04. 2013, 1/14225), technical regulatory legal acts, and also following terms and their determinations:

assets of KVOI - KVOI which are part technical, program, software and hardware tools (including information security products), the processed information, management systems information, production and (or) engineering procedures;

the owner of KVOI - the subject exercising rights of possession, uses and orders of KVOI according to the legislation;

information security of KVOI - condition of security of assets of KVOI from safety hazards of KVOI and risks of safety of KVOI;

risk of safety of KVOI - probability of realization of safety hazards to assets of KVOI which can entail violation or the termination of their functioning;

event of safety of KVOI - established fact of realization of safety hazards of KVOI.

3. For accomplishment of actions for safety of KVOI by the owner of KVOI the division and (or) the official (worker) having the higher education in the field of technical and (or) cryptographic information protection either the highest or vocational training and who underwent retraining or advanced training concerning technical and (or) cryptographic information protection according to the procedure, established by the legislation is designated (further - security police (the authorized worker)).

4. Owners of KVOI develop and accept (publish) local regulatory legal acts in which tasks and functions of security police (the authorized worker) concerning safety of KVOI are determined, and also the procedure is established:

interactions of security police (the authorized worker) with other workers of the owner of KVOI concerning safety of KVOI;

approvals of security police (the authorized worker) of acceptance, dismissal, transfer, movement of workers which labor obligations provide operation of KVOI, concerning safety of KVOI;

briefings, actions for informing and development of practical skills of actions for safety of KVOI;

protection of the data containing in operational documentation on KVOI, documentation on security system of KVOI, other information, distribution and (or) provision of which it is limited, from its disclosure or illegal access to it from the third parties;

interactions of the owner of KVOI with other legal entities and physical persons, including in case of the conclusion and execution of agreements, concerning safety of KVOI.

5. For safety of KVOI the security system of KVOI including complex of actions of legal, organizational and technical nature, including actions for monitoring of safety hazards of KVOI and response to such threats is created.

6. Security system of KVOI:

it is developed for the purpose of risks assessment of safety of KVOI, providing right choice and the subsequent updating of controls safety of KVOI at all stages of its lifecycle, and also efficiency of internal control;

it is documentary drawn up in the form of the formalized rules and procedures of safety management of KVOI.

7. During creation of security system of KVOI are performed:

7.1. determination of the main and auxiliary processes of the main activities of the owner of KVOI;

7.2. determination internal (organizational structure, information systems, information flows and processes) and the external aspects (interrelation with partners and another) exerting impact on safety of KVOI;

7.3. determination is more whole than safety of KVOI compatible to processes of activities of the owner of KVOI and the strategy (the concept, the plan) of development;

7.4. development of the information security policy containing:

purposes and processes of information security;

the list of requirements of information security and employee obligation on their accomplishment;

organizational structure of security system;

obligations on continuous improvement of security system;

priority directions of information security;

references to regulations of acts of the legislation, including technical regulatory legal acts, and also to local regulatory legal acts;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info