Document from CIS Legislation database © 2003-2021 SojuzPravoInform LLC

It is registered

Ministry of Justice

Republic of Moldova

No. 671 of April 17, 2009

RESOLUTION OF THE NATIONAL COMMISSION ON THE FINANCIAL MARKET OF THE REPUBLIC OF MOLDOVA

of February 26, 2009 No. 8/15

About approval of some provisions

(as amended on 02-03-2021)

Based on Art. 6 of h (1), h (4) and h (11), Art. 7 of h (3-1) and h (7), Art. 8 of h (2) and h (4), Art. 13 of h (2), Art. 17 of h (3) the item 1) a subitem) - d), g) and h), h (7) and h (8), Art. 18 of h (2) the item 1) b subitem) the Law on bureau of credit histories No. 122-XVI of May 29, 2008 (repeated publication: The official monitor of the Republic of Moldova, 2017, No. 316-321, the Art. 546), based on provisions of Art. 1 of the h. (1), Art. 3, Art. 4 of the h. (1) and h (2), Art. 8 of the item b), Art. 21 of the h. (1), Art. 22 of the h. (1) and h. (2) the Law No. 192-XIV of 12.11.1998 "About the National commission on the financial market" (No. 117-126 BIS is repeatedly published in the Official monitor of the Republic of Moldova, 2007) the National commission on the DECIDES: financial market

1. Approve:

Regulations on the information systems used for creation of the database of bureau of credit histories according to appendix No. 1;

Regulations on procedure for submission of information to bureau of credit histories and issues of the credit report, according to appendix No. 2;

Regulations on procedure for submission of the reporting to the National commission on the financial market of bureau of credit histories, according to appendix No. 3.

2. This resolution becomes effective from the date of publication.

 

Chairman of the National commission on the financial market

Mikhail Chibotaru

Appendix No. 1

to the Resolution of the National commission on the financial market No. 8/15 of February 26, 2009

Regulations on the information systems used for creation of the database of bureau of credit histories

I. General provisions

1. The regulations on the information systems used for creation of the database of bureau of credit histories (further - the Provision) establish requirements to the organization of information system for the purpose of forming and use of credit stories, storage in safety conditions of the database of bureau of credit histories (further - bureau), the minimum requirements to use of remedies when processing credit history, the minimum requirements to technical equipment and to the software and are obligatory for all legal entities having license for activities of bureau of credit histories.

2. In this Provision the following concepts are used:

complex of program technical means – set of the software and the technical equipment providing implementation of information processes;

means of cryptographic information security - hardware, program and the hardware and software, systems and complexes realizing the algorithms of cryptographic transformation of information intended for protection of integrity and confidentiality of information in case of its processing, storage and transfer on communication channels;

information security from leakage - package of measures, directed to prevention of uncontrollable distribution of the protected information on technical and collateral channels by means of special technical means;

information security from unauthorized access - package of measures, directed to prevention, the identification and elimination of possibility of receipt of the protected information by abuse of regulations of access to the protected information established by regulations or the owner (owner) of information;

information security from inadvertent impact - package of measures, directed to prevention of inadvertent impact on the protected information owing to the mistakes of the user, failures of the program technical means, the natural phenomena or other reasons which are not directed to change of information, but leading to misstatement, destruction, copying, blocking of information access, and also to its loss, destruction or to failure of functioning of the material data carrier;

regulations of information security - set of the documentary management decisions directed to information security, program and technical means of information systems;

information security - protection of information system against accidental or deliberate impacts of natural or artificial nature of which causing damage to participants of information exchange is result;

information system - the set of the interconnected information resources, technologies, methods and personnel intended for storage, processing and issue of information;

material carriers - magnetic, optical, laser or other carriers of electronic information to whom it is created, fixed, transferred are accepted, stored, or electronic information and which represent opportunity to reproduce and use it further is otherwise used;

technical audit – assessment of information systems (the equipment and the software) performed by the specialized company in the field of information technologies with involvement of at least one specialist owning the certificate of CISA (Certified Information Systems Auditor) for the purpose of determination of degree of safety and level of protection of the used system;

the digital signature – data electronically as they are determined in the Law on the digital signature and the electronic document No. 91 of May 29, 2014.

II. Tasks of information security.

3. Participants of exchange of information (further - participants) provide information measures of protection when processing credit history with the means conforming to the requirements of information security established by this Provision.

4. The main objectives on ensuring information security are:

1) information security (ensuring integrity, confidentiality and availability of information) of credit stories when processing;

2) minimization of impact and time for recovery in case of safety incidents;

3) effective management of risks of safety;

4) ensuring no-failure operation;

5) ensuring physical safety of bureau, including software and hardware complex components, from damage or change of functioning;

6) compliance acting legislative and to regulations.

5. The package of measures and means of information protection shall include:

1) the cryptographic information security including means of cryptographic information security;

2) information security from unauthorized access and capability of detection of invasions;

3) constant internal control of information security system;

4) information security from inadvertent impact, including backup and archiving of data;

5) ensuring availability, including ensuring no-failure operation of the equipment of software and hardware complex of bureau;

6) information security from leakage on technical and collateral channels;

7) measures of physical safety of participants.

6. The procedure for application of package of measures and means of information protection shall be planned at design stage of information system.

III. Requirements to functioning of information system

7. The information system will be developed according to requirements of this provision according to the Order of technical development, data on the process of development, implementation and servicing of system approved as the head, containing, inclusive development stages, procedure for modification, acceptance, testing and commissioning, the requirement to documentation of each stage, etc.

8. The information system shall provide electronic exchange of correspondence within 24 hours.

9. Electronic exchange of correspondence between participants is performed only with use of complex of the specialized software offered bureau.

10. Electronic correspondence is signed by the digital signature.

11. In the course of electronic exchange of correspondence participants shall observe the ordered sequence of actions and verify authenticity of electronic correspondence.

12. As a part of information system of bureau shall constantly:

1) to provide high-quality and smooth functioning of information system and the established safety level when implementing electronic exchange of correspondence between participants;

2) to implement anti-virus protection and protection against spam;

3) to perform maintenance of components, quickly and timely to debug work of information system;

4) to take measures for enhancement and increase in overall performance of information system;

5) to exercise control of security status of information system, to record cases and attempts of violation of its safety, and also to take the measures necessary for prevention and liquidation of their consequences;

To advise 6) authorized persons of participants on the provided software and hardware complex, and also on other questions relating to work of information system;

7) to inform participants with whom the agreement on rendering information services, on change of specifications of functioning of information system was signed.

13. For the purpose of accomplishment of the functions, bureau has the right:

1) to give help during creation of cryptographic keys of the participants necessary for functioning of information system;

2) to require elimination of cases of abuse of regulations of operation of information system.

14. For the purpose of effective functioning of information system the participant (which is not bureau) shall:

1) to organize and equip workplaces for persons, representatives to represent and obtain information from credit stories;

2) to provide the conditions necessary for reliable storage of cryptographic keys and their material carriers, and also for exception of access for strangers to these keys;

3) to provide observance of safety conditions and service regulations of information system.

4) use of information obtained as a result of participation in process of information exchange, only for the purpose of, established by the Law No. 122-XVI of May 29, 2008. "About bureau of credit histories";

5) without delay to notify the responsible person of bureau, in oral and written form, in case of detection of safety hazard of information system.

15. For the purpose of observance of requirements of this provision when processing credit history, bureau shall develop and approve the regulations about functioning of information system containing:

1) the rights and obligations of bureau and other participants of information exchange concerning information system;

2) procedure of departure and adoption of electronic correspondence, and also its further use, change and exception;

3) the description of the formats of data accepted in bureau;

4) procedure for submission of the credit report;

5) procedure of access to information resources of bureau;

6) the main conditions on safety of information system according to which actions will be performed and to take root specific means of information protection;

7) procedures of management and algorithm of actions in case of compromise of information security system;

8) procedure for bringing to participants of content of the mentioned regulations and measures for information security, approvals and adoptions of the obligation by participants about their observance.

16. Regulations about functioning of information system are brought to the attention of all participants with whom the agreement on rendering information services was signed that is confirmed by the signature of the responsible person.

17. During creation and processing of electronic correspondence participants without fail use means of cryptographic information security.

18. It is excluded.

19. Each participant appoints division or the worker (workers), responsible for ensuring information security in operation of information system.

20. Any unusual situation which can negatively influence activities of bureau shall be informed data of other participants in writing within one day.

21. The device of information system of bureau shall be rather flexible, allow simple, without structural changes, development of configuration of the used means, building-up of functions and resources.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.