of June 13, 2012 No. 584
On approval of the Regulations on information security in the payment system
In accordance with Article 27 of the Federal Law "About National Payment System", the Government of the Russian Federation decides:
1. To approve the enclosed Regulations on information security in the payment system.
2. This resolution enters into force on July 1, 2012.
Russian Prime Minister
D. Medvedev
Approved by the Order of the Government of the Russian Federation of June 13, 2012 No. 584
1. This Provision establishes requirements for the protection of information about the means and methods of ensuring information security, of personal data, and of other information subject to mandatory protection in accordance with the legislation of the Russian Federation, which is processed by money transfer operators, bank payment agents (subagents), operators of services of information exchange, suppliers of payment applications, operators of payment service providers, operators of services of payment infrastructure and operators of electronic platforms in the payment system (hereinafter respectively: information, operators, agents).
2. Information security is carried out in accordance with the information security requirements that the operators of payment systems include in the rules of payment systems, including in accordance with this Provision.
3. Information security is ensured through the implementation by operators and agents of legal, organizational and technical measures aimed at:
a) protecting information from illegal access, destruction, modification, blocking, copying, provision and distribution, as well as from other wrongful acts concerning information;
b) maintaining the confidentiality of information;
c) exercising the right of access to information in accordance with the legislation of the Russian Federation.
4. The rules of a payment system shall include, among others, the following information security requirements:
a) creation and operation of a structural division for information security (information security service) or appointment of an official (employee) responsible for organizing information security;
b) inclusion, in the job responsibilities of employees participating in information processing, of the obligation to fulfill information security requirements;
c) implementation of measures aimed at identifying threats to the security of information and analyzing the vulnerabilities of information systems;
d) analysis of the risks of violating information security requirements, and management of such risks;
e) development and implementation of information security systems in information systems;
f) application of means of information protection (encryption (cryptographic) tools, means of protecting information from unauthorized access, anti-virus protection tools, firewalls, intrusion detection systems, security control (analysis) tools);
g) identification of incidents connected with violation of information security requirements, and response to them;
h) ensuring information security when using public information and telecommunication networks;
i) determination of the procedure for access to the infrastructure facilities of the payment system that process information;
j) organization and conduct of monitoring and assessment of the fulfillment of information security requirements at own infrastructure facilities at least once every 2 years.
5. Organizations holding licenses for activities for technical protection of confidential information and (or) for activities for development and production of means of protection of confidential information may be engaged by operators and agents on a contractual basis to carry out work on information security.
6. Control (assessment) of compliance with information security requirements is carried out by operators and agents independently or by engaging, on a contractual basis, an organization holding a license for activities for technical protection of confidential information.
7. Operators and agents approve local legal acts establishing the procedure for implementing information security requirements.
8. Information security requirements are implemented:
a) when information systems are developed and created: at all stages (phases) of their creation and operation;
b) when information systems are acquired: upon their commissioning and during their operation.
9. Encryption (cryptographic) means of information protection are applied by operators and agents in accordance with the legislation of the Russian Federation.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim.