Document from CIS Legislation database © 2003-2022 SojuzPravoInform LLC

The document ceased to be valid since  July 7, 2019 according to Item 2 of the Joint Order of the Minister of digital development, the defense and aerospace industry of the Republic of Kazakhstan and the Minister of national economy of the Republic of Kazakhstan of June 4, 2019 No. 114/Tax Code, 6 of June, 2019 No. 52

JOINT ORDER OF I.O. OF THE MINISTER OF SOFTWARE TO INVESTMENTS AND DEVELOPMENT OF THE REPUBLIC OF KAZAKHSTAN AND I.O. OF THE MINISTER OF NATIONAL ECONOMY OF THE REPUBLIC OF KAZAKHSTAN

of December 30, 2015 No. 1275, on December 31, 2015 No. 841

About approval of criteria for evaluation of risk degree and checking sheets in the field of informatization, communication, behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature

(as amended on 31-10-2018)

According to Item 3 of Article 141 and Item 1 of article 143 of the Entrepreneurial code of the Republic of Kazakhstan of October 29, 2015 PRIKAZYVAYEM:

1. Approve:

1) Criteria for evaluation of risk degree in the field of informatization according to appendix 1 to this joint order;

2) Criteria for evaluation of risk degree in the field of communication according to appendix 2 to this joint order;

3) the Checking leaf in the field of informatization according to appendix 3 to this joint order;

4) the Checking leaf in the field of communication, according to appendix 4 to this joint order;

5) the Checking leaf behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature according to appendix 5 to this joint order.

2. Declare invalid:

1) the joint order of the Minister of investments and development of the Republic of Kazakhstan of June 29, 2015 No. 735 and the acting minister of national economy of the Republic of Kazakhstan of June 30, 2015 No. 494 "About approval of criteria for evaluation of degree of risks in the field of informatization, communication, behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature" (registered in the Register of state registration of regulatory legal acts for No. 11891, published in information system of law of Ad_let of October 30, 2015);

2) the joint order of the Minister of investments and development of the Republic of Kazakhstan of June 29, 2015 No. 734 and the acting minister of national economy of the Republic of Kazakhstan of June 30, 2015 No. 493 "About approval of forms of checking sheets in the field of informatization, communication, behind compliance with law of the Republic of Kazakhstan about the electronic document and the electronic digital signature" (registered in the Register of state registration of regulatory legal acts for No. 11890, published in information system of law of Ad_let of October 30, 2015).

3. To committee of communication, informatization and information of the Ministry for Investments and Development of the Republic of Kazakhstan (Kazangap T. B.) provide:

1) state registration of this joint order in the Ministry of Justice of the Republic of Kazakhstan;

2) within ten calendar days after state registration of this joint order in the Ministry of Justice of the Republic of Kazakhstan the direction it the copy in printing and electronic form on official publication in periodic printing editions and information system of law of Ad_let, and also in the Republican center of legal information for entering into reference control bank of regulatory legal acts of the Republic of Kazakhstan;

3) placement of this joint order on Internet resource of the Ministry for Investments and Development of the Republic of Kazakhstan and on the intranet portal of state bodies;

4) within ten working days after state registration of this joint order in the Ministry of Justice of the Republic of Kazakhstan submission to Legal department of the Ministry for Investments and Development of the Republic of Kazakhstan of data on execution of the actions provided by subitems 1), 2) and 3) of Item 3 presents of the joint order.

4. To impose control of execution of this joint order on the supervising vice-minister of investments and development of the Republic of Kazakhstan.

5. This joint order becomes effective after ten calendar days after day of its first official publication.

The acting minister on investments and development of the Republic of Kazakhstan

______________ Zh. Kasymbek

Acting minister of national economy of the Republic of Kazakhstan

___________ M. Kusainov

It is approved

Chairman of Committee on legal statistics and special accounting of the Prosecutor General's Office of the Republic of Kazakhstan

December 31, 2015

 

 

_______________ S. Aytpayeva

Appendix 1

to the joint Order of the acting minister on investments and development of the Republic of Kazakhstan and the acting minister of national economy of the Republic of Kazakhstan of December 31, 2015 No. 1275, on December 31, 2015 No. 841

Criteria for evaluation of risk degree in the field of informatization

Chapter 1. General provisions

1. These Criteria for evaluation of risk degree in the field of informatization (further - Criteria) are developed in compliance by the Entrepreneurial code of the Republic of Kazakhstan of October 29, 2015 (further - the Code) and Rules of forming by the state bodies of system of risks assessment and form of checking sheets approved by the order of the acting minister of national economy of the Republic of Kazakhstan of July 31, 2018 No. 3 (it is registered in the Register of state registration of regulatory legal acts for No. 17371) for reference of the checked subjects to risk degrees and selection of the checked subjects when carrying out preventive control with visit of subject (object) of control.

2. In these Criteria the following concepts are used:

1) the checked subjects in the field of informatization (further - the checked subjects) - owners or owners of objects of informatization;

2) considerable violation - non-compliance with requirements for safety, protection, to recovery of electronic information resources in case of failure or damage of information systems of state body, non-compliance with requirements for implementation of the automated accounting, safety and periodic archiving of data on appeals to information system of state body, and also requirements for collection, processing and personal data storage, availability of two or more confirmed claims or addresses to areas of informatization;

3) insignificant violation - lack of supporting documents receipt of consent of the subject to collection and processing of its personal data in cases, stipulated by the legislation the Republic of Kazakhstan, availability of one confirmed claim or address to areas of informatization;

4) gross violation - violations which can lead to illegal distribution and use of information of state bodies and personal data, and also its misstatement and loss;

5) risk - probability of damnification as a result of activities of the subject of control of life or to health of the person, the environment, legitimate interests of physical persons and legal entities, valuable interests of the state taking into account severity of its effects;

6) objective criteria for evaluation of risk degree (further - objective criteria) - the criteria for evaluation of risk degree used for selection of subjects (objects) of control depending on risk degree in certain field of activity and which are not depending directly on separate subject (object) of control;

7) subjective criteria for evaluation of risk degree (further - subjective criteria) - the criteria for evaluation of risk degree used for selection of subjects (objects) of control depending on results of activities of specific subject (object) of control;

8) system of risks assessment - complex of the events held by control facility for the purpose of purpose of preventive control with visit of subject (object) of control;

9) the checking sheet - the list of requirements including requirements imposed to activities of subjects (objects) of control which non-compliance involves threat of life and to health of the person, the environment, legitimate interests of physical persons and legal entities, the states;

3. Criteria for evaluation of risk degree for preventive control with visit of subject (object) of control are created by means of objective and subjective criteria.

Chapter 2. Objective criteria

4. Risk identification in the field of informatization is performed depending on probability of damnification as a result of activities of the checked subject to legitimate interests of physical persons and legal entities, valuable interests of the state by activities of the checked subjects, connected with uncontrolled use of the information systems integrated with the state information systems, and also containing personal data which can lead to illegal distribution, use and information processing of state bodies, and also personal data by illegal access to information systems.

5. In the field of informatization the checked subjects, the owner or the owner of objects of informatization of state bodies and the quasi-public sector, and also the owner or the owner of the electronic information resources containing personal data treat high risk.

6. The checked subjects, the owner or the owner of the non-state information systems integrated with information systems of state bodies treat the checked subjects which are not carried to high risk.

7. Subjective criteria for the purpose of carrying out preventive control with visit of subject (object) of control are applied to subjects (objects) of control carried by objective criteria to high risk.

Chapter 3. Subjective criteria

8. Subjective criteria are developed based on requirements of the legislation of the Republic of Kazakhstan in the field of informatization (further - requirements) listed in checking sheets which are subdivided into three degrees and are given in appendix to these Criteria:

1) rough;

2) considerable;

3) insignificant.

9. Determination of subjective criteria is performed using the following stages:

1) forming of the database and information collection;

2) information analysis and risks assessment.

10. Forming of the database and information collection are necessary for identification of subjects (objects) of control violating the law of the Republic of Kazakhstan. The correct use of these data will allow to exercise more effectively the state control and to use resources of regulating authorities.

For assessment of degree of risks by subjective criteria the following sources of information are used:

results of the previous checks and preventive control with visit of subjects (objects) of control of the checked subjects. At the same time severity of violations (rough, considerable, insignificant) is established in case of non-compliance with requirements of the legislation of the Republic of Kazakhstan in the field of informatization;

availability and the number of the confirmed claims and addresses on the checked subjects which arrived from physical persons or legal entities, state bodies;

results of monitoring of the data represented by the subject of control, including by means of automated information systems, carried out by state bodies.

11. Assessment of risk degree of the checked subjects and their reference to high or the checked subjects which are not carried to high risk by subjective criteria is performed on the following indicators:

1) subjective criteria "results of the previous checks and preventive control with visit of subjects (objects) of control" are determined by information source according to appendix 1 to these Criteria;

2) subjective criteria "availability and the number of the confirmed claims and addresses to the checked subjects which arrived from physical persons or legal entities of state bodies" are determined by information source according to appendix 2 to these Criteria.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SojuzPravoInform LLC. UI/UX design by Intelliants.