It is registered
Ministry of Justice
Republic of Uzbekistan
On May 21, 2014 No. 2588
of May 12, 2014 No. 46
About approval of the Regulations on procedure of control of activities of bodies for certification of objects of informatization and fulfillment of requirements on information security on the certified objects of informatization
According to the resolution of the President of the Republic of Uzbekistan of July 8, 2011 "About additional measures for protection of national information resource" and the resolution of the Cabinet of Ministers of November 2, 1991 No. 278 "About Service of homeland security of the Republic of Uzbekistan" I order to No. PP-1572:
1. Approve Regulations on procedure of control of activities of Bodies for certification of objects of informatization and fulfillment of requirements on information security on the certified objects of informatization, according to appendix.
2. This order becomes effective from the date of its official publication.
Chairman
R. Inoyatov
Appendix
to the Order of the chairman of Service of homeland security of the Republic of Uzbekistan of May 12, 2014 No. 46
This Provision according to the resolution of the President of the Republic of Uzbekistan of July 8, 2011 No. PP-1572 "About additional measures for protection of national information resource" and the Regulations on approval procedure on work on certification of objects of informatization approved by the resolution of the Cabinet of Ministers of November 7, 2011 No. 296, determines procedure of control of activities of Bodies for certification of objects of informatization (further - Body for certification), and also fulfillment of requirements by information security on the certified objects of informatization.
1. Control is exercised in the relation:
activities of Bodies for certification;
the certified objects of informatization (further - objects of informatization).
Control is exercised according to the legislation on the state control of activities of business entities, and also this Provision.
2. All works connected with monitoring procedure are performed on a grant basis.
3. According to the Regulations on certification of objects of informatization according to requirements of information security approved by the resolution of the President of the Republic of Uzbekistan of July 8, 2011 No. PP-1572, control it is imposed on Service of state security of the Republic of Uzbekistan (further - Authorized body).
4. The checks of observance of requirements imposed to Bodies for certification and objects of informatization which are carried out within control are subdivided on planned and unplanned, including checks according to the procedure of control.
5. In the course of carrying out scheduled and unscheduled inspections the activities of Bodies for certification and objects of informatization which are directly connected with information processing of limited access are studied.
6. Results of scheduled and unscheduled inspections are drawn up by acts. Following the results of the inspections which are carried out according to the procedure of control statements or helps are drawn up. Form of acts (helps) any, however at them there shall be descriptive part, outputs and requirements for elimination of the revealed violations. Results of check are led up to management of the checked organization. The copy of the act (help) of check goes to superior organization (in the presence).
7. Scheduled inspections are carried out in the relation:
Bodies for certification - is not more often than once during effective period of Permission to work on certification of objects of informatization (further - Permission);
objects of informatization - is not more often than once during action of the Certificate of compliance of object of informatization to requirements of information security (further - the Certificate of compliance).
8. Unscheduled inspections are carried out in case of receipt of data on the facts of violation of requirements of regulatory legal acts or regulating documents for standardization in information security field.
9. In case of identification of shortcomings and violations in the course of scheduled and unscheduled inspections, are performed according to the procedure of control for the purpose of factual determination of elimination of the revealed shortcomings and violations.
10. In case of control of activities Organa on certification is checked:
accomplishment of functions and observance of requirements, stipulated by the legislation, including Standard regulations on bodies for certification of objects of informatization (reg. No. 2587 of May 21, 2014);
availability, correctness of maintaining and storage of fund of regulatory legal acts and other documents for the permitted activities;
qualification of regular list of employees, availability of job descriptions, knowledge employees of the rights and obligations, requirements of regulatory legal acts and other documents in information security field and information protection (including with check of practical skills);
frequency of passing by employees of professional development course;
observance of Regulations of Admission and consideration of requests for certification;
interaction with applicants when carrying out certification of objects of informatization;
correctness of the organization and work on certification of objects of informatization;
correctness of registration and timeliness of preparation of protocols and results of testing;
correctness of registration and timeliness of issue of the Certificate of compliance;
timeliness and quality of provision of data in Authorized body;
timeliness of carrying out checkings of the measuring equipment used to certification;
fulfillment of requirements on respect for safety of the confidential information which became available it in the course of carrying out certification;
efficiency of the taken measures and completeness of accomplishment of offers (recommendations) or requirements of the previous commission of experts.
11. The authorized body in the procedure established by the legislation can stop or suspend Permission Organa on certification in cases:
inadequate accomplishment of functions and non-compliance with the obligations provided by regulations on Organa on certification;
discrepancies of qualification of regular list of employees to qualifying standards;
failures to carry out at the scheduled time of offers on remedial action;
repeated abuse of regulations and procedures of certification of objects of informatization.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.