Registered with the Ministry of Justice of the Russian Federation on November 23, 2023, No. 76079
of August 30, 2023 No. 6515-U
About determination of security threats when processing personal data in the automated information system of insurance
This Instruction, on the basis of part 5 of article 19 of the Federal Law of July 27, 2006 No. 152-FZ "About personal data" and subitem 6 of Item 7 of article 33.10 of the Law of the Russian Federation of November 27, 1992 No. 4015-I "About the organization of insurance case in the Russian Federation", determines the security threats when processing personal data in the automated information system of insurance.
1. The security threats when processing personal data in the automated information system of insurance (hereinafter - AIS of insurance) are:
threats of integrity violation (substitution, removal) and confidentiality violation (compromise) of personal data that are relevant when personal data is transferred between the devices of users of AIS of insurance who are individuals and AIS of insurance, including through purposeful actions using the capabilities specified in Item 10 of Structure and content of organizational and technical measures for safety of personal data in case of their processing in information systems of personal data with use of the means of cryptographic information security necessary for accomplishment of the requirements to personal data protection established by the Government of the Russian Federation for each of the levels of security, approved by the order of Federal Security Service of the Russian Federation of July 10, 2014 No. 378 <1> (hereinafter - Structure and content of organizational and technical measures);
<1> Registered by the Ministry of Justice of the Russian Federation on August 18, 2014, registration No. 33620.
threats of integrity violation (substitution, removal) and confidentiality violation (compromise) of personal data that are relevant when personal data is transferred between the devices of users of AIS of insurance (except for individuals) and AIS of insurance, including through purposeful actions using the capabilities specified in Item 11 of Structure and content of organizational and technical measures;
threats of integrity violation (substitution, removal) and confidentiality violation (compromise) of personal data that are relevant when personal data is processed in AIS of insurance, including through purposeful actions using the capabilities specified in Item 11 of Structure and content of organizational and technical measures where means (systems) of information protection against unauthorized access are applied that have undergone conformity assessment in the form of mandatory certification at not lower than the 4th level of trust according to the order of the Federal Service for Technical and Export Control of June 2, 2020 No. 76 <2>, and using the capabilities specified in Item 12 of Structure and content of organizational and technical measures where means (systems) of information protection against unauthorized access that have undergone conformity assessment in the form of mandatory certification at not lower than the 4th level of trust according to the order of the Federal Service for Technical and Export Control of June 2, 2020 No. 76 are not used;
<2> Registered by the Ministry of Justice of the Russian Federation on September 11, 2020, registration No. 59772, with the changes made by the order of FSTEC of Russia of April 18, 2022 No. 68 (registered by the Ministry of Justice of the Russian Federation on July 20, 2022, registration No. 69318).
threats of integrity violation (substitution, removal) and confidentiality violation (compromise) of personal data that are relevant when employees of the operator of AIS of insurance, or other persons ensuring the operation and (or) administration of AIS of insurance, interact with AIS of insurance by means of remote logical access, including through purposeful actions using the capabilities specified in Item 12 of Structure and content of organizational and technical measures;
threats of integrity violation (substitution, removal) and confidentiality violation (compromise) of personal data that are relevant when personal data is transferred during interaction of AIS of insurance with the federal state information system "Single System of Identification and Authentication in the Infrastructure Providing Information and Technological Interaction of the Information Systems Used for Provision of the State and Municipal Services Electronically" <1>, the single biometric system <2>, the federal state information system "Single Portal of the State and Municipal Services (Functions)" <3>, information systems of state bodies, other persons to whom the state delegates powers of authority <4>, the Bank of Russia and other information systems with use of the single system of interdepartmental electronic interaction <5>, including through purposeful actions using the capabilities specified in Item 12 of Structure and content of organizational and technical measures.
<1> The order of the Government of the Russian Federation of November 28, 2011 No. 977 "About the federal state information system "Single System of Identification and Authentication in the Infrastructure Providing Information and Technological Interaction of the Information Systems Used for Provision of the State and Municipal Services Electronically"".
<2> The regulations on the single biometric system, including on its regional segments, approved by the order of the Government of the Russian Federation of May 31, 2023 No. 883.
<3> The Regulations on the federal state information system "Single Portal of the State and Municipal Services (Functions)", approved by the order of the Government of the Russian Federation of October 24, 2011 No. 861 "About the federal state information systems providing electronic submission of the state and municipal services (implementation of functions)".
<4> The order of the Government of the Russian Federation of May 31, 2023 No. 1431-r.
<5> The regulations on the single system of interdepartmental electronic interaction, approved by the order of the Government of the Russian Federation of September 8, 2010 No. 697.
2. This Instruction is subject to official publication and, in accordance with the decision of the Board of Directors of the Bank of Russia (the minutes of the Board of Directors of the Bank of Russia of June 23, 2023 No. PSD-23), becomes effective on April 1, 2024.
Chairman of the Central Bank of the Russian Federation
E. S. Nabiullina
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.
