Document from CIS Legislation database © 2003-2022 SojuzPravoInform LLC

THE RESOLUTION OF BOARD OF THE AGENCY OF THE REPUBLIC OF KAZAKHSTAN ON REGULATION AND DEVELOPMENT OF THE FINANCIAL MARKET

of September 12, 2022 No. 67

About approval of Rules of connection and use by the financial organizations of the object of informatization for collection, processing and exchange of information on events and incidents of information security used by the industry center of information security of the financial market and the financial organizations

According to item 4 of article 7-5 of the Law of the Republic of Kazakhstan "About informatization" Board of the Agency of the Republic of Kazakhstan on regulation and development of the DECIDES: financial market

1. Approve the enclosed Rules of connection and use by the financial organizations of the object of informatization for collection, processing and exchange of information on events and incidents of information security used by the industry center of information security of the financial market and the financial organizations.

2. To provide to management of cyber security in the procedure established by the legislation of the Republic of Kazakhstan:

1) together with Legal department state registration of this resolution in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this resolution on official Internet resource of the Agency of the Republic of Kazakhstan on regulation and development of the financial market after its official publication;

3) within ten working days after state registration of this resolution submission to Legal department of data on execution of the action provided by the subitem 2) of this Item.

3. To impose control of execution of this resolution on the supervising vice-chairman of the Agency of the Republic of Kazakhstan on regulation and development of the financial market.

4. This resolution becomes effective after ten calendar days after day of its first official publication.

The chairman of the Agency of the Republic of Kazakhstan on regulation and development of the financial market

M. Abylkasymova

Appendix

to the Resolution of Board of the Agency of the Republic of Kazakhstan on regulation and development of the financial market of September 12, 2022 No. 67

Rules of connection and use by the financial organizations of the object of informatization for collection, processing and exchange of information on events and incidents of information security used by the industry center of information security of the financial market and the financial organizations

Chapter 1. General provisions

1. These rules of connection and use by the financial organizations of the object of informatization for collection, processing and exchange of information for events and incidents of information security used by the industry center of information security of the financial market and the financial organizations (further – Rules) are developed according to item 4 of article 7-5 of the Law of the Republic of Kazakhstan "About informatization" (further – the Law on informatization) and determine procedure for connection and use by the financial organizations of the object of informatization for collection, processing and exchange of information for events and incidents of information security (further – IB) used by the industry center of information security of the financial market and the financial organizations.

2. Object of informatization of the industry center of information security of the financial market and the financial organizations for collection, processing and exchange of information for events and incidents of information security is automated information processing system on events and incidents of information security of authorized body on regulation, control and supervision of the financial market and the financial organizations (further - ASOI).

3. In Rules the concepts provided by the Law on informatization and also the following concepts are used:

1) the ranking officer – the employee of the financial organization in whose job responsibilities information processing is fixed in ASOI;

2) profile of the financial organization – the structured information on the financial organization in ASOI;

3) the warning of threat – the notification on critical events of IB for all financial organizations;

4) the card of incident – the structured information on incident of IB at the financial organization provided in authorized body according to Rules;

5) the warning of vulnerability – the notification on detection of vulnerabilities at software manufacturers and the equipment used in infrastructure of subjects of the financial market;

6) signal – the structured information on event of IB obtained from the IB systems or systems performing in real time collection and information analysis about events of IB in information infrastructure of the financial organization;

7) request – the official appeal of the financial organizations to each other or to authorized body on regulation, control and supervision of the financial market and the financial organizations (further – authorized body) concerning providing IB, ASOI implemented by the means providing information security;

8) the integration module – the software established in infrastructure of the financial organization for automation of information transfer for events of IB in infrastructure of the financial organization in ASOI.

4. When using ASOI requirements of the Law on informatization, the laws of the Republic of Kazakhstan "About personal data and their protection", "About banks and banking activity in the Republic of Kazakhstan" on safety of the protected information are observed.

Chapter 2. Connection to ASOI

5. The division of information security of the financial organization is connected to ASOI. For creation of profile of the financial organization in ASOI the ranking officer represents the following accounting data of the financial organization to the IB industry center:

1) name of the financial organization;

2) business and identification number of the legal entity;

3) e-mail address.

6. For creation of accounting record of the user of the financial organization in ASOI the ranking officer represents the following accounting data of the user to the IB industry center:

1) surname, name, middle name (in the presence);

2) position;

3) name of the organization;

4) contact telephone numbers;

5) e-mail address.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.