Document from CIS Legislation database © 2003-2022 SojuzPravoInform LLC

JOINT ORDER OF THE MINISTER OF DIGITAL DEVELOPMENT, DEFENSE AND AEROSPACE INDUSTRY OF THE REPUBLIC OF KAZAKHSTAN AND MINISTER OF NATIONAL ECONOMY OF THE REPUBLIC OF KAZAKHSTAN

of June 4, 2019 No. 114/Tax Code, 6 of June, 2019 No. 52

About approval of criteria for evaluation of risk degree and checking sheets in the field of informatization, communication, behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature

(as amended on 13-10-2020)

According to Item 3 of Article 141 and Item 1 of article 143 of the Entrepreneurial code of the Republic of Kazakhstan of October 29, 2015, PRIKAZYVAYEM:

1. Approve:

1) Criteria for evaluation of risk degree in the field of informatization according to appendix 1 to this joint order;

2) Criteria for evaluation of risk degree in the field of communication according to appendix 2 to this joint order;

3) the Checking leaf in the field of informatization according to appendix 3 to this joint order;

4) the Checking leaf in the field of communication, according to appendix 4 to this joint order;

5) the Checking leaf behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature according to appendix 5 to this joint order.

2. Declare invalid:

1) the Joint order of the acting minister on investments and development of the Republic of Kazakhstan of December 30, 2015 No. 1275 and the acting minister of national economy of the Republic of Kazakhstan of December 31, 2015 No. 841 "About approval of criteria for evaluation of risk degree and checking sheets in the field of informatization, communication, behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature" (it is registered in the Register of state registration of regulatory legal acts for No. 12990, it is published in information system of law of Ad_let on February 16, 2016);

2) the Joint order of the Minister of information and communications of the Republic of Kazakhstan of October 31, 2018 No. 456 and the Minister of national economy of the Republic of Kazakhstan of October 31, 2018 No. 40 "About introduction of amendments to the joint order of the acting minister on investments and development of the Republic of Kazakhstan of December 30, 2015 No. 1275 and the acting minister of national economy of the Republic of Kazakhstan of December 31, 2015 No. 841 "About approval of criteria for evaluation of risk degree and checking sheets in the field of informatization, communication, behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature" (it is registered in the Register of state registration of regulatory legal acts for No. 17675, it is published in Reference control bank of regulatory legal acts electronic form on November 8, 2018).

3. To provide to committee of telecommunications of the Ministry of digital development, defense and aerospace industry of the Republic of Kazakhstan:

1) state registration of this joint order in the Ministry of Justice of the Republic of Kazakhstan;

2) within ten calendar days from the date of state registration of this joint order the direction it in the Kazakh and Russian languages in the Republican state company on the right of economic maintaining "Institute of the legislation and legal information of the Republic of Kazakhstan" the Ministries of Justice of the Republic of Kazakhstan for official publication and inclusion in Reference control bank of regulatory legal acts of the Republic of Kazakhstan;

3) placement of the copy of this joint order on the Internet - resource of the Ministry of digital development, the defense and aerospace industry of the Republic of Kazakhstan.

4) within ten working days after state registration of this joint order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry of digital development, the defense and aerospace industry of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1), 2) and 3) of this Item.

4. To impose control of execution of this joint order on the supervising vice-minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan.

5. This joint order becomes effective after ten calendar days after day of its first official publication.

Minister of digital development, defense and aerospace industry of the Republic of Kazakhstan

 

____________ A. Zhumagaliyev

Minister of national economy of the Republic of Kazakhstan

___________ R. Dalenov

It is approved

Committee on legal statistics and special accounting of the Prosecutor General's Office of the Republic of Kazakhstan

 

Appendix 1

to the Joint Order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan and the Minister of national economy of the Republic of Kazakhstan of June 4, 2019 No. 114/Tax Code, 6 of June, 2019 No. 52

Criteria for evaluation of risk degree in the field of informatization

Chapter 1. General provisions

1. These Criteria for evaluation of risk degree in the field of informatization (further - Criteria) are developed in compliance by the Entrepreneurial code of the Republic of Kazakhstan of October 29, 2015 (further - the Code) and Rules of forming by the state bodies of system of risks assessment and form of checking sheets approved by the order of the acting minister of national economy of the Republic of Kazakhstan of July 31, 2018 No. 3 (it is registered in the Register of state registration of regulatory legal acts for No. 17371) for reference of the checked subjects to risk degrees and selection of the checked subjects when carrying out preventive control with visit of subject (object) of control.

2. In these Criteria the following concepts are used:

1) the checked subjects in the field of informatization (further - the checked subjects) - owners or owners of objects of informatization of "the electronic government";

2) considerable violation - non-compliance with requirements for safety, protection, to recovery of electronic information resources in case of failure or damage of objects of informatization of "the electronic government", non-compliance with requirements for implementation of the automated accounting, safety and periodic archiving of data on appeals to objects of informatization of "the electronic government", and also requirements for collection, processing and personal data storage, availability of two or more confirmed claims or addresses to areas of informatization;

3) insignificant violation - lack of supporting documents receipt of consent of the subject to collection and processing of its personal data in cases, stipulated by the legislation the Republic of Kazakhstan, availability of one confirmed claim or address to areas of informatization;

4) gross violation - violations which can lead to illegal distribution and use of information of state bodies and personal data, and also its misstatement and loss;

5) risk - probability of damnification as a result of activities of the subject of control of life or to health of the person, the environment, legitimate interests of physical persons and legal entities, valuable interests of the state taking into account severity of its effects;

6) objective criteria for evaluation of risk degree (further - objective criteria) - the criteria for evaluation of risk degree used for selection of subjects (objects) of control depending on risk degree in certain field of activity and which are not depending directly on separate subject (object) of control;

7) subjective criteria for evaluation of risk degree (further - subjective criteria) - the criteria for evaluation of risk degree used for selection of subjects (objects) of control depending on results of activities of specific subject (object) of control;

8) system of risks assessment - complex of the events held by control facility for the purpose of purpose of preventive control with visit of subject (object) of control;

9) the checking sheet - the list of requirements including requirements imposed to activities of subjects (objects) of control which non-compliance involves threat of life and to health of the person, the environment, legitimate interests of physical persons and legal entities, the states;

3. Criteria for evaluation of risk degree for preventive control with visit of subject (object) of control are created by means of objective and subjective criteria.

Chapter 2. Objective criteria

4. Risk identification in the field of informatization is performed depending on probability of damnification as a result of activities of the checked subject to legitimate interests of physical persons and legal entities, valuable interests of the state by activities of the checked subjects, connected with uncontrolled use of the information systems integrated with the state information systems, and also containing personal data which can lead to illegal distribution, use and information processing of state bodies, and also personal data by illegal access to information systems.

5. In the field of informatization the checked subjects, the owner or the owner of objects of informatization of state bodies and the quasi-public sector, and also the owner or the owner of the electronic information resources containing personal data treat high risk.

6. The checked subjects, the owner or the owner of the non-state information systems integrated with information system of state body treat the checked subjects which are not carried to high risk.

7. Subjective criteria for the purpose of carrying out preventive control with visit of subject (object) of control are applied to subjects (objects) of control carried by objective criteria to high risk.

Chapter 3. Subjective criteria

8. Subjective criteria are developed based on requirements of the legislation of the Republic of Kazakhstan in the field of informatization (further - requirements) listed in checking sheets which are subdivided into three degrees and are given in appendix to these Criteria:

1) rough;

2) considerable;

3) insignificant.

9. Determination of subjective criteria is performed using the following stages:

1) forming of the database and information collection;

2) information analysis and risks assessment.

10. Forming of the database and information collection are necessary for identification of subjects (objects) of control violating the law of the Republic of Kazakhstan. The correct use of these data will allow to exercise more effectively the state control and to use resources of regulating authorities.

For assessment of degree of risks by subjective criteria the following sources of information are used:

results of the previous checks and preventive control with visit of subjects (objects) of control of the checked subjects. At the same time severity of violations (rough, considerable, insignificant) is established in case of non-compliance with requirements of the legislation of the Republic of Kazakhstan in the field of informatization;

availability and the number of the confirmed claims and addresses on the checked subjects which arrived from physical persons or legal entities, state bodies;

results of monitoring of the data represented by the subject of control, including by means of automated information systems, carried out by state bodies.

11. Assessment of risk degree of the checked subjects and their reference to high or the checked subjects which are not carried to high risk by subjective criteria is performed on the following indicators:

1) subjective criteria "results of the previous checks and preventive control with visit of subjects (objects) of control" are determined by information source according to appendix 1 to these Criteria;

2) subjective criteria "availability and the number of the confirmed claims and addresses to the checked subjects which arrived from physical persons or legal entities of state bodies" are determined by information source according to appendix 2 to these Criteria.

3) subjective criteria "results of monitoring of the data represented by the subject of control, including by means of automated information systems, carried out by state bodies" are determined by information source according to appendix 3 to these Criteria.

12. Determination of risk degree is determined by each information source as follows.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.