of August 24, 2012 No. 269
About approval of Requirements to the organizational measures and program technical means providing access to payment systems
For the purpose of implementation of the Law of the Republic of Kazakhstan on March 30, 1995 "About National Bank of the Republic of Kazakhstan" the Board of National Bank of the Republic of Kazakhstan DECIDES:
1. Approve the enclosed Requirements to the organizational measures and program technical means providing access to payment systems.
3. This resolution becomes effective after six months after its first official publication.
4. Suspend till January 1, 2014 Item 2 of the enclosed Requirements to the organizational measures and program technical means providing access to the banks and organizations performing separate types of banking activities to payment systems, having determined that during suspension this Item is effective in the following edition:
"2. Requirements extend the action to all users of payment system, except for National Bank of the Republic of Kazakhstan".
Chairman of National Bank
G. Marchenko
Approved by the Resolution of Board of National Bank of the Republic of Kazakhstan of August 24, 2012 No. 269
1. Requirements to the organizational measures and program technical means providing access to payment systems (further - Requirements), are developed according to the Law of the Republic of Kazakhstan of March 30, 1995 "About National Bank of the Republic of Kazakhstan" (further - the Law on National Bank) and establish requirements to the organizational measures and program technical means providing access to payment systems of the Republican state company on the right of economic maintaining "The Kazakhstan center of interbank calculations of National Bank of the Republic of Kazakhstan" (further - payment system).
2. Requirements extend the action to all users of payment system.
3. In Requirements the following concepts are used:
1) authentication - package of measures for confirmation of authenticity of participation of the Republican state company on the right of economic maintaining "The Kazakhstan center of interbank calculations of National Bank of the Republic of Kazakhstan" (further - the Center) and users of payment system in case of exchange of messages of payment system, and also for confirmation of authenticity of such messages;
2) access control facilities - the technical, program or other means allowing to fix information on access to objects;
3) key information - cryptographic keys or the other information allowing to perform cryptographic transformations of information;
4) operational risk - the risk connected with violations in work of information systems or internal processes, human mistakes, failures or violations in management of payment system including owing to external events;
5) unauthorized access - access to information and program resources with violation of the procedure for access to them established by the user of payment system;
6) hardware and software system of protection against unauthorized access - system of protection of the personal computer against use by strangers, and also for differentiation of powers of the registered users on access to information and program resources;
7) unusual situations - the situations which led to failures (violations) in functioning of software and hardware complex of the user of payment system owing to emergence of operational risk;
8) the user of payment system - the legal entities who signed the contract with the Center on rendering services in payment system and the Center;
9) information system of the user of payment system - the software of the user of payment system used for forming or transformation of the electronic documents intended for the further direction in payment system by means of the terminal of payment system;
10) software and hardware complex of the user of payment system - the technical, program or other means which are ensuring functioning of the user in payment system, including information system, workplace of the user of payment system, terminals of payment system, means of communication (data transmission) with payment system;
11) the main center of software and hardware complex of the user of payment system (further - the main center) - the software and hardware complex of the user of payment system ensuring functioning of the user in payment system in the regular (daily) mode;
12) the reserve center of software and hardware complex of the user of payment system (further - the reserve center) - the reserve software and hardware complex of the user of payment system ensuring functioning of the user in payment system in case of unusual situations or carrying out planned test works in the main center;
13) workplace of the user of payment system - the personal computer (server) on which the terminal of payment system providing access to payment system is established;
14) division of safety of the user of payment system - the structural division of the user of payment system ensuring safety and protection of information and program resources of the user of payment system;
15) the terminal of payment system - the special software providing access to payment system, established at users of payment system;
16) appendix of the terminal of payment system - the special software intended for distant work with the terminal of payment system.
4. Procedures of exchange and formats of messages applied in payment system are established by the Center.
5. The workplace of the user of payment system is placed in the user of payment system with limited access (further - the Room). Placement in the workplaces which are not intended for work with payment system, except for workplaces of the workers performing functions of operators of workplace of the user of payment system is not allowed.
6. The room is equipped with the metal and (or) strengthened from penetration entrance doors on which mechanical and (or) electromechanical locks are put.
7. Doors of the Room are equipped with control facilities of access for implementation of monitoring of events of access to the Room in real time and entries of events of access to the Room in the online magazine with possibility of receipt of the report on events of access to the Room. The archive of events of the online magazine is stored by the user of payment system at least six months.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.
The document ceased to be valid since November 4, 2016 according to Item 2 of the Resolution of Board of National Bank of the Republic of Kazakhstan of August 31, 2016 No. 200