of March 31, 2023 No. 2023-P-14/21-1-(PS)
About approval of the Provision "About Requirements for Ensuring Information Security of Operators of Payment Systems and Payment Institutes"
According to Articles 5, 9 and 64 of the constitutional Law of the Kyrgyz Republic "About National Bank of the Kyrgyz Republic", the Board of National Bank of the Kyrgyz Republic decides:
1. Approve the Provision "About Requirements for Ensuring Information Security of Operators of Payment Systems and Payment Institutes" (attached).
2. The legal management shall:
- publish this resolution on the official website of the National Bank of the Kyrgyz Republic within 3 (three) working days from the date of receipt of the relevant documents;
- after official publication, send this resolution to the Ministry of Justice of the Kyrgyz Republic for inclusion in the State register of regulatory legal acts of the Kyrgyz Republic.
3. This resolution becomes effective 15 (fifteen) days after the date of official publication, except for Chapter 3 of the Provision "About Requirements for Ensuring Information Security of Operators of Payment Systems and Payment Institutes" approved by this resolution, which becomes effective from July 1, 2023.
4. The management of payment systems shall, within 3 (three) working days from the date of receipt of the relevant documents, bring this resolution to the attention of operators of payment systems, payment institutes and the Consolidation of legal entities "Association of operators of KG (KEY-DZHI) payment service providers".
5. The department "Secretariat of Board" shall, within 3 (three) working days, bring this resolution to the attention of the structural divisions, regional managements and the Representative office of the National Bank of the Kyrgyz Republic in Batken Province.
6. Control over the execution of this resolution is assigned to the board member of the National Bank of the Kyrgyz Republic who supervises the management of payment systems.
Chairman of National Bank of the Kyrgyz Republic
K. Bokontayev
Appendix
to the Resolution of Board of National Bank of the Kyrgyz Republic of March 31, 2023 No. 2023-P-14/21-1-(PS)
1. The purpose of this provision is to establish single requirements for operators of payment systems and payment institutes (further - OPS/PO) aimed at raising the level of information security in OPS/PO and at minimizing possible losses caused by the actions of malefactors, emergency failures and human errors.
2. For the purpose of this provision, the definitions used in the regulations of the National Bank of the Kyrgyz Republic (further - National Bank) on the payment system apply, as well as the following definitions:
The automated system - a system consisting of the hardware and software of the equipment that automates the organization's activity, and of the methods and actions that implement the information technology for performing the established functions.
Authorization - the process of granting a certain object/subject the rights to perform certain actions according to the role it carries out in the system.
Authentication - verification that the identifier presented by an access object/subject belongs to it, or confirmation of authenticity.
Availability of data asset - the property of information security of OPS/PO whereby data assets are provided to the authorized user in the form and place the user requires and at the time they are needed.
Lifecycle of information system - the period that begins at the moment the decision is made on the need to create the information system and ends at the time of its complete withdrawal from operation.
The identifier - a unique attribute of an access subject or object.
Identification - the process of assigning an identifier (unique name) to objects/subjects, or of comparing the identifier of an object/subject with the list of assigned identifiers.
Information system - a system intended for the storage, search and processing of information, together with the corresponding organizational resources by means of which information is provided and distributed.
Data assets - information that has value for OPS/PO in terms of achieving its purposes and is presented on any material medium in a form suitable for its processing, storage or transfer.
Confidentiality of data asset - the condition of the OPS/PO resources whereby the processing, storage and transfer of data assets are performed in such a way that data assets are available only to authorized users, objects of the system or processes.
Object - a process carried out in the information system that requests permission to obtain access to information.
The password - a confidential set of characters intended to confirm the powers of the user.
The user of the automated system - a subject or object registered in the automated system and using its resources (employees, members of payment service provider).
Authorization - the action of granting the user the possibility (permission) to perform specific actions in the system on the basis of the user's job responsibilities. Without special sanction, no user is allowed access to any information or application.
The subject - a user requesting permission to obtain access to information.
Token ("key") - a compact device in the form of a USB stick, or a key in the cloud (a special protected server), which serves for authorization of the user, protection of electronic correspondence, safe remote access to information resources, and reliable storage of any personal data.
Integrity of data asset - the property of information security of OPS/PO of keeping data assets unchanged or of detecting the fact that they have been changed.
3. The information security management system is the part of the general management system, based on the use of business-risk evaluation methods, that serves the development, implementation, functioning, monitoring, analysis, support and improvement of information security of OPS/PO.
4. The National Bank has the right to inspect OPS/PO for compliance with the requirements established by this Provision and by other regulatory legal acts of the National Bank concerning the information security of OPS/PO.
5. The management of OPS/PO bears complete responsibility for the use and functioning of its entire information system, including for the actions of agents and subagents connected with its use.
6. In managing the system for ensuring information security, OPS/PO shall continuously use such processes as planning, realization, check and enhancement.
7. Requirements for information security shall be comprehensively interconnected and continuous at all stages of the lifecycle of information systems.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.