PROVISION OF CENTRAL BANK OF THE RUSSIAN FEDERATION

of August 30, 2023 No. 822-P

About requirements to ensuring the information security containing in the automated information system of insurance

This Provision based on the subitem 5 of Item 7 of article 33.10 of the Law of the Russian Federation of November 27, 1992 No. 4015-I "About the organization of insurance case in the Russian Federation" establishes requirements to ensuring the information security containing in the automated information system of insurance.

1. The operator of the automated information system of insurance (further - insurance AIS) shall perform information security, containing in AIS of insurance specified in Item 1 of article 33.11 of the Law of the Russian Federation of November 27, 1992 to No. 4015-I "About the organization of insurance case in the Russian Federation" (further respectively - the protected information, the Law of the Russian Federation No. 4015-I), in case of its obtaining, preparation, processing, storage and provision (further - information security).

If the protected information contains personal data, the operator of AIS of insurance shall apply measures for safety of personal data in case of their processing according to article 19 of the Federal Law of July 27, 2006 No. 152-FZ "About personal data" (further - the Federal Law of July 27, 2006 No. 152-FZ) and the order of the Federal Service for Technical and Export Control of February 18, 2013 No. 21 "About statement of Structure and content of organizational and technical measures for safety of personal data in case of their processing in information systems of personal data" <1> (further - the order of FSTEC of Russia No. 21).

--------------------------------

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info