ORDER OF THE GOVERNMENT OF THE REPUBLIC OF KAZAKHSTAN

of September 25, 2012 No. 1241

About approval of standards of the state services in the sphere of information technologies and about modification of the orders of the Government of the Republic of Kazakhstan of July 20, 2010 No. 745 "About approval of the register of the state services rendered to physical persons and legal entities" and of December 30, 2009 No. 2280 "About approval of Rules of carrying out certification of the state information systems and non-state information systems integrated with the state information systems on compliance to their requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan"

According to Item 2 of Article 34 of the Budget code of the Republic of Kazakhstan of December 4, 2008, article 9-1 of the Law of the Republic of Kazakhstan of November 27, 2000 "About ministerial procedures" and subitems 2), 3) Article 6, article 29 of the Law of the Republic of Kazakhstan of January 11, 2007 "About informatization" the Government of the Republic of Kazakhstan DECIDES:

1. Approve enclosed:

1) standard of the state service "Accreditation of Certification Centers";

2) standard of the state service "Certification of the State Information Systems and Non-state Information Systems Integrated with the State Information Systems on Compliance to Their Requirements of Information Security and to the Standards Accepted in the territory of the Republic of Kazakhstan";

3) standard of the state service "Issue and Withdrawal of the Registration Certificate of National Certification Center of the Republic of Kazakhstan".

2. Bring the following changes in some decisions of the Government of the Republic of Kazakhstan:

1) ceased to be valid according to the Order of the Government of the Republic of Kazakhstan of 18.09.2013 No. 983

2) in the order of the Government of the Republic of Kazakhstan of December 30, 2009 No. 2280 "About approval of Rules of carrying out certification of the state information systems and non-state information systems integrated with the state information systems on compliance to their requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan" (SAPP of the Republic of Kazakhstan, 2010, No. 4, the Art. 39):

in Rules of carrying out certification of the state information systems and non-state information systems integrated with the state information systems, on compliance to their requirements of information security and to the standards accepted in the territory of the Republic of Kazakhstan, approved by the specified resolution:

in Item 10:

2) to state the subitem in the following edition:

"2) the authorized body within two calendar days from the moment of receipt of the request performs check of compliance of the request and the documents attached to the request to requirements to form and the completeness established by these rules;";

4) to state the subitem in the following edition:

"4) after receipt of the request for carrying out certification of IS the authorized organization within one calendar day sends to the applicant two copies of the service provision agreement on certification inspection, contracts for execution of joint operations on ensuring information security and in the presence in information systems of means of cryptographic information security or if necessary - contracts for accomplishment of joint confidential operations. The applicant after receipt of two copies of the above-stated agreements within three calendar days signs and returns in one copy each agreement in authorized organization;";

8) to state the subitem in the following edition:

"8) the term of certification inspection shall not exceed twenty one calendar days from the moment of the conclusion of the contract for carrying out certification inspection. If the structure of the certified IS includes departmental or the IS regional components, authorized organization addresses to authorized body with the petition for prolongation of term of certification inspection with statement of the reasons of impossibility of observance of fixed term. The authorized body makes the decision on prolongation of term of certification inspection no more than seventeen calendar days about what it is reported to the applicant within one calendar day;";

10) to state the subitem in the following edition:

"10) the authorized body within two calendar days from the moment of receipt of the act convokes the Commission and submits the act to the Commission;";

12) and 13) to state subitems in the following edition:

"12) based on the protocol of the Commission and taking into account the act the authorized body within one calendar day accepts one of the following decisions:

about issue or refusal in issue of the certificate (the decision on refusal in issue of the certificate is made based on the discrepancies to requirements of the standards in information security field accepted in the territory of the Republic of Kazakhstan specified in the act);

about elimination by the applicant of the revealed discrepancies (this decision can be made no more once to the request for carrying out certification of IS), the copy of the decision goes to the applicant;

13) in case of adoption by the Commission of the decision on elimination of the revealed discrepancies, the term of rendering the state service stops to the notice of authorized body on elimination of the revealed discrepancies during certification inspection. The applicant within twenty working days from the moment of receipt of the copy of the decision eliminates the revealed discrepancies and informs authorized body on their elimination then the authorized body within one calendar day informs authorized organization on need of carrying out additional certification inspection of IS. The term of additional inspection of IS shall not exceed eight calendar days from the date of receipt of the notice from authorized body;".

3. This resolution becomes effective after ten calendar days from the date of the first official publication.

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info