Document from CIS Legislation database © 2003-2024 SojuzPravoInform LLC

It is registered

Ministry of Justice

Russian Federation

On August 3, 2023 No. 74588

PROVISION OF CENTRAL BANK OF THE RUSSIAN FEDERATION

of June 30, 2023 No. 819-P

About requirements to operational reliability of the operator of automated information system of insurance

This Provision based on the subitem 5 of Item 7 of article 33.10 of the Law of the Russian Federation of November 27, 1992 No. 4015-1 "About the organization of insurance case in the Russian Federation" establishes requirements to operational reliability of the operator of automated information system of insurance.

1. The operator of automated information system of insurance (further - the operator of AIS of insurance) provides accomplishment of the functions in case of realization of information threats, and (or) emergence of failures, and (or) violations of functioning of automated systems, the software, computer aids, the telecommunication equipment (further - objects of information infrastructure), and (or) discrepancies of their functionality and characteristics to needs of the operator of AIS of insurance (further - failures of objects of information infrastructure).

The operator of AIS of insurance shall not allow excesses of value of threshold level of allowed time of idle time and (or) violations of engineering procedures of the operator of AIS of insurance specified in appendix to this Provision (further - engineering procedures), leading to failure to carry out or inadequate accomplishment by the operator of AIS of the insurance of the functions (further respectively - degradation of engineering procedure, threshold level of allowed time of idle time and (or) degradation of engineering procedures of the operator of AIS of insurance) provided by appendix to this Provision.

2. The operator of AIS of insurance shall determine in internal documents for each engineering procedure and observe values of the following control indicators of level of operational risk for the purposes of ensuring operational reliability (further - target indicators of operational reliability):

the admissible relation of total quantity of the transactions performed within engineering procedure, made during degradation of engineering procedure of the operator of AIS within the event of operational risk or series of the connected events of operational risk caused by information threats and (or) failures of objects of information infrastructure which led to failure to carry out or inadequate accomplishment by the operator of AIS of insurance of the functions (further - incident of operational reliability) to the expected number of the transactions performed within engineering procedures for the same period in case of continuous accomplishment by the operator of AIS of the insurance of the functions established by the operator of AIS of insurance (further - admissible share of degradation of engineering procedure);

allowed time of idle time and (or) degradation of engineering procedures of the operator of AIS of insurance within the incident of operational reliability (in case of exceeding of admissible share of degradation of engineering procedure). Value of this target indicator is established by the operator of AIS of insurance not above the values provided by appendix to this Provision;

admissible total idle time and (or) degradation of engineering procedure of the operator of AIS of insurance (in case of exceeding of admissible share of degradation of engineering procedure) within the next calendar year;

indicator of observance of operation mode (functioning) of engineering procedure (start time, end time, duration and the sequence of procedures within engineering procedure).

Value of admissible share of degradation of engineering procedures shall be calculated the operator of AIS of insurance based on statistical data for the period at least twelve calendar months preceding date of determination of value of target indicator of operational reliability, except for the case provided by the paragraph the seventh this Item, and (or) other data proving their determination (at the choice of the operator of AIS of insurance).

If engineering procedure functions less than twelve calendar months, the operator of AIS of insurance shall determine value of admissible share of degradation of engineering procedures based on statistical data from start date of its functioning and (or) other data proving their determination (at the choice of the operator of AIS of insurance).

3. In cases of exceeding of admissible share of degradation of engineering procedures the operator of AIS of insurance shall fix:

the actual idle time and (or) degradations of engineering procedure calculated on each incident of operational reliability (from the moment of violation of the engineering procedure leading to failure to carry out or inadequate accomplishment by the operator of AIS of insurance of the functions in connection with emergence of event or series of the connected events caused by information threats and (or) failures of objects of information infrastructure until recovery of engineering procedure);

the actual share of degradation of engineering procedure within the separate incident of operational reliability;

total idle time and (or) degradations of engineering procedure for the last twelve calendar months.

In case of determination of idle time and (or) degradation of engineering procedures calculation does not join periods of time of the planned technological transactions connected with suspension (partial suspension) of engineering procedures and which are carried out according to internal documents of the operator of AIS of insurance.

4. The operator of AIS of insurance shall at least once a year carry out the analysis of need of review of values of target indicators of operational reliability.

5. The operator of AIS of insurance shall develop in internal documents and fulfill requirements to operational reliability which include:

requirements to procedure for determination of values of target indicators of operational reliability and ensuring control of their observance;

requirements to identification of structure of set of the elements specified in subitem 5.1 of this Item (further - critical architecture);

requirements to change management of the elements specified in subitem 5.1 of this Item;

requirements to identification, registration of incidents of operational reliability and response to them, and also recovery of accomplishment of engineering procedures and functioning of objects of information infrastructure after realization of the specified incidents;

requirements to interaction with the third parties (external contractors, partners) rendering based on the agreement the services in the field of information technologies connected with creation, upgrade, commissioning, operation (including maintenance), removal from operation of objects of information infrastructure of the operator of AIS of insurance, placement, storage and (or) other information processing created and (or) received by the operator of AIS of insurance in case of accomplishment of the functions (further - service providers in the field of information technologies);

requirements to testing of operational reliability of engineering procedures;

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.