RESOLUTION OF THE CABINET OF MINISTERS OF THE AZERBAIJAN REPUBLIC

of August 20, 2007 No. 129

About approval of the Procedure for conducting examination of the information systems used for creation, processing and exchange of the electronic documents containing the data which are the state secret

For the purpose of ensuring execution of Item 1.9 of the Presidential decree of the Azerbaijan Republic "About application of the Law of the Azerbaijan Republic "About the digital signature and the electronic document" of May 26, 2004 the No. 65 Cabinet of Ministers of the Azerbaijan Republic decides:

1. Approve "The procedure for conducting examination of the information systems used for creation, processing and exchange of the electronic documents containing the data which are the state secret" (is applied).

2. This resolution becomes effective from the date of signing.

Approved by the Resolution of the Cabinet of Ministers of the Azerbaijan Republic of August 20, 2007, No. 129

Procedure for conducting examination of the information systems used for creation, processing and exchange of the electronic documents containing the data which are the state secret

1. General provisions

1.1. This procedure is prepared according to Item 1.9 of the Presidential decree of the Azerbaijan Republic "About application of the Law of the Azerbaijan Republic "About the digital signature and the electronic document" of May 26, 2004 No. 65 and determines procedure for the organization and conducting examination (further - "examination") on compliance to the requirements and standards existing in the field of safety of the information systems used for creation, processing and exchange of the electronic documents containing the data which are the state secret in public authorities and local self-government on all regardless of form of business and type of property, the companies, organizations and the organizations of the Azerbaijan Republic in its territory, and also beyond its limits.

1.2. The result of examination of information system of the companies, organizations and organizations regardless of their form of business and type of property is considered in case of issue of permission to implementation of the works connected with use of the data which are the state secret based on article 27 of the Law of the Azerbaijan Republic "About the state secret"

1.3. Expertize is carried out in the following directions:

- check of the mode of confidentiality;

- the company of measures against technical espionage;

- determination of technical channels of information leakage.

2. Organization of conducting examination

2.1. Examination is performed from commission of experts. Authority on creation of data of the commissions is the Service of state security of the Azerbaijan Republic.

Authority on creation of the commissions for conducting examination of information systems of the state objects of protection and the protected objects is the Special service of the state protection of the Azerbaijan Republic.

Commissions of experts are constituted from representatives of the relevant authority, and also other organizations.

2.2. Expertize is carried out at least once within three years, or in case of origin during this term of changes in structure, structure and operational conditions of information system, in methods and security aids, and also in case of data or thorough suspicions concerning information leakage during activities of information systems.

2.3. For conducting examination the owner of information system officially addresses to the relevant authority. In the address are specified:

- name of addressing;

- its form of business;

- legal address;

- bank account number.

2.4. Expertize is carried out based on the agreement signed between addressing and authority. In the agreement all expenses connected with conducting examination are considered.

2.5. Within 7 (seven) working days from the moment of receipt of the address the commission is constituted, and the agreement is signed. Expertize is carried out and comes to the end within 15 (fifteen) working days after the conclusion of the agreement. In particular cases this term can be increased for 5 (five) working days.

2.6. Members of the commission draw up the statement of results of examination and sign it.

In this act the concluding observation about compliance of information system to requirements and standards of safety, and also about readiness for use for creation, processing and exchange of the electronic documents containing the data which are the state secret and other confidential information is drawn.

2.7. Expertize of new information system is carried out on blueprint stage of this system. At the same time to the stipulated in Item 2.3 presents of the Procedure to the address for conducting examination of information system the following documents are attached:

- specification and project of information system;

- technical documents of means of information protection which is provided to be used in information system.

In need of the concluding observation the commission of experts can provide the offers on introduction of amendments and changes to the specification and the project.

3. Conducting examination

3.1. The following measures enter examination:

- primary analysis of data on information system;

- assessment of observance of requirements of regulatory legal acts of the Azerbaijan Republic of the information security containing the data which are the state secret in connection with activities of information system;

- direct acquaintance to information systems;

- assessment of number and qualification level of the specialists working in the sphere of information security;

- assessment of level of the organizational and technical measures performed on protection of the electronic document containing the data which are secret and other confidential information;

- check of means of information protection;

- carrying out complex testing of information system in actual practice;

- preparation of the act.

3.2. The following measures enter examination of new information systems:

- assessment of observance of requirements of regulatory legal acts in the field of information security according to the specification and the project of information system;

- verification of documents of information security which is provided to be used in information system;

- preparation of the act.

3.3. Assessment of observance of requirements of regulations of the information security containing the data which are the state secret and other confidential information in connection with activities of information system provides check of the following:

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info