of August 16, 2024 No. 57
On approval of the Rules for ensuring information security of the electronic trading platform for the sale of bank and microfinance assets
According to part two of item 4 of article 15-18 of the Law of the Republic of Kazakhstan "About state regulation, control and supervision of the financial market and the financial organizations", the Board of the Agency of the Republic of Kazakhstan on regulation and development of the financial market DECIDES:
1. To approve the Rules for ensuring information security of the electronic trading platform for the sale of bank and microfinance assets according to the appendix to this resolution.
2. The Department of Information and Cyber Security shall ensure, in the procedure established by the legislation of the Republic of Kazakhstan:
1) together with the Legal Department, state registration of this resolution in the Ministry of Justice of the Republic of Kazakhstan;
2) placement of this resolution on the official Internet resource of the Agency of the Republic of Kazakhstan on regulation and development of the financial market after its official publication;
3) within ten working days after state registration of this resolution, submission to the Legal Department of data on execution of the action provided by subitem 2) of this item.
3. Control over the execution of this resolution is assigned to the supervising vice-chairman of the Agency of the Republic of Kazakhstan on regulation and development of the financial market.
4. This resolution enters into force on August 20, 2024 and is subject to official publication.
The chairman of the Agency of the Republic of Kazakhstan on regulation and development of the financial market
M. Abylkasymova
Appendix
to the Resolution of Board of the Agency of the Republic of Kazakhstan on regulation and development of the financial market of August 16, 2024 No. 57
1. These Rules for ensuring information security of the electronic trading platform for the sale of bank and microfinance assets (hereinafter - Rules) are developed according to part two of item 4 of article 15-18 of the Law of the Republic of Kazakhstan "About state regulation, control and supervision of the financial market and the financial organizations" (hereinafter - the Law on state regulation) and determine the procedure for ensuring, by the authorized body for regulation, control and supervision of the financial market and financial organizations (hereinafter - authorized body), the information security of the electronic trading platform for the sale of bank and microfinance assets (hereinafter - electronic trading platform).
2. The Rules use the concepts provided by the laws of the Republic of Kazakhstan "About informatization", "About the electronic document and the digital signature" and the Law on state regulation.
3. Information security of the electronic trading platform is ensured by the operator of the electronic trading platform (hereinafter - the operator) by means of:
1) organizing access to the electronic trading platform for employees of the operator and for participants in the bidding conducted on the electronic trading platform (hereinafter - participants);
2) protecting the information held in the electronic trading platform during its processing, storage and transfer;
3) backup and ensuring the availability of the information held in the electronic trading platform;
4) procedures for recovering the information system of the electronic trading platform after failures and malfunctions of equipment and software;
5) ensuring encryption of the data transmitted on the electronic trading platform between the operator and the participant.
4. The operator provides access to the electronic trading platform to employees of the operator and to participants by means of identification and authentication of employees of the operator and participants.
5. Access to the electronic trading platform is provided to employees of the operator to the extent determined by their functional duties.
6. Personalized user accounts of employees of the operator are used on the electronic trading platform.
7. The electronic trading platform applies functions for managing user accounts and protecting passwords, as well as for blocking and unblocking user accounts of employees of the operator in the information system of the electronic trading platform.
8. Identification and authentication of employees of the operator in the information system of the electronic trading platform is performed using two-factor authentication (use of two of three factors: knowledge, possession, inherence) in accordance with security procedures.
9. Primary registration of the participant on the electronic trading platform is performed by means of the digital signature provided by an accredited certification center of the Republic of Kazakhstan, or using the service of biometric identification of the participant by means of the Center of exchange of identification data (hereinafter - TsOID), or using biometric data obtained by means of devices of the electronic trading platform.
10. Identification and authentication of the participant is performed using two-factor authentication (use of two of three factors: knowledge, possession, inherence) with mandatory application of at least one of the following methods:
1) the digital signature provided by an accredited certification center of the Republic of Kazakhstan;
2) biometric identification by means of the TsOID services or using biometric data obtained by means of devices of the electronic trading platform.
11. A change of the access code (password) to the electronic trading platform is performed using biometric identification of the participant with biometric data confirmed in TsOID or obtained by means of devices of the electronic trading platform.
12. The operator provides anti-virus protection of all components of the information system of the electronic trading platform.
13. Security updates of components of the information system of the electronic trading platform that eliminate critical vulnerabilities are installed no later than one month from the date of their publication and distribution by the manufacturer.
14. Updates of software and hardware components of the information system of the electronic trading platform are tested in the test environment before installation in the production environment.
15. The operator provides backup storage of the data, files and configurations of all components of the information system of the electronic trading platform for the purpose of recovering a working copy of it.
Disclaimer! This text was translated by an AI translator and is not a valid juridical document. No warranty. No claim.