JOINT ORDER OF THE CHAIRMAN OF COMMITTEE OF THE HOMELAND SECURITY OF THE REPUBLIC OF KAZAKHSTAN AND MINISTER OF NATIONAL ECONOMY OF THE REPUBLIC OF KAZAKHSTAN

of October 25, 2016 No. 72, on November 9, 2016 No. 471

About approval of criteria for evaluation of risk degree and checking sheets in the spheres of ensuring information security and special technical means intended for conducting investigation and search operations

According to Item 5 of Article 141 and Item 1 of article 143 of the Entrepreneurial code of the Republic of Kazakhstan we ORDER:

1. Approve:

1) criteria for evaluation of risk degree in the spheres of ensuring information security and special technical means intended for conducting investigation and search operations according to appendix 1 to this joint order;

2) checking leaf concerning subjects (objects) of control performing activities for development of means of cryptographic information security according to appendix 2 to this joint order;

3) checking leaf concerning the subjects (objects) of control performing activities for rendering services in identification of technical channels of information leakage and special technical means, intended for conducting investigation and search operations according to appendix 3 to this joint order;

4) checking leaf concerning subjects (objects) of control performing activities for development and production of the special technical means intended for conducting investigation and search operations according to appendix 4 to this joint order;

5) checking leaf concerning subjects (objects) of control performing activities for repair and realization of the special technical means intended for conducting investigation and search operations according to appendix 5 to this joint order;

6) checking leaf concerning the subjects (objects) of control performing activities for rendering services in identification of technical channels of information leakage and special technical means, intended for conducting investigation and search operations within activities of the operational center of information security according to appendix 6 to this joint order;

7) checking leaf concerning the subjects (objects) of control performing activities for rendering services in identification of technical channels of information leakage and special technical means, intended for conducting investigation and search operations within activities of service of response to incidents of information security according to appendix 7 to this joint order.

2. To provide to department on protection of the state secrets of Committee of homeland security of the Republic of Kazakhstan in the procedure established by the legislation:

1) state registration of this joint order in the Ministry of Justice of the Republic of Kazakhstan;

2) the direction of the copy of this joint order on official publication in periodic printing editions and information system of law of Ad_let within ten calendar days from the date of its state registration in the Ministry of Justice of the Republic of Kazakhstan, and also in the Republican state company on the right of economic maintaining "The republican center of legal information" of the Ministry of Justice of the Republic of Kazakhstan for inclusion in Reference control bank of regulatory legal acts of the Republic of Kazakhstan within ten calendar days from the date of state registration of this joint order;

3) placement of this joint order in Internet resource of Committee of homeland security of the Republic of Kazakhstan.

3. To impose control of execution of this joint order on the vice-chairman of the Committee of homeland security of the Republic of Kazakhstan supervising activities of Department for protection of the state secrets of Committee of homeland security of the Republic of Kazakhstan.

4. This order becomes effective after ten calendar days from the date of its first official publication.

Appendix 1

to the joint Order of the Chairman of Committee of homeland security of the Republic of Kazakhstan and the Minister of national economy of the Republic of Kazakhstan of October 25, 2016 No. 72, on November 9, 2016 No. 471

Criteria for evaluation of risk degree in the spheres of ensuring information security and special technical means intended for conducting investigation and search operations

Chapter 1. General provisions

1. These Criteria for evaluation of risk degree in the spheres of ensuring information security and special technical means intended for conducting investigation and search operations (further – Criteria) are developed according to Item 5 of article 141 of the Entrepreneurial code of the Republic of Kazakhstan, Rules of forming, regulatory state agencies of system of assessment and risk management approved by the order of the acting minister of national economy of the Republic of Kazakhstan of June 22, 2022 No. 48 (it is registered in the Register of state registration of regulatory legal acts at No. 28577), for the purpose of conducting the inspections which are carried out on compliance to qualification requirements according to the granted licenses (further – checks on compliance to requirements).

2. In these Criteria the following concepts are used:

1) subjects (objects) of control are the licensees performing activities in the spheres of ensuring information security and special technical means intended for conducting investigation and search operations;

2) point – quantitative measure of calculation of risk;

3) insignificant violation – violation of the requirements established by regulatory legal acts in the spheres of ensuring information security and special technical means intended for conducting investigation and search operations regarding transfer to permanent or temporary use of developed technique to the third parties without approval of the licensor;

4) normalization of data – the statistical procedure providing reduction of the values measured in different scales to conditionally general scale;

5) considerable violation – violation of the requirements established by the legislation of the Republic of Kazakhstan in the spheres of information security and special technical means intended for conducting investigation and search operations regarding discrepancy to qualification requirements: submission of the electronic report not in form, provision of doubtful data in electronic format, lack of the developed and approved techniques, violation of procedure for transfer of search technical means, discrepancy of the room to requirements imposed to it;

6) gross violation – violation of the requirements established by the legislation of the Republic of Kazakhstan in the spheres of information security and special technical means intended for conducting the investigation and search operations attracting the administrative responsibility provided by the Code of the Republic of Kazakhstan "About administrative offenses" regarding discrepancy to qualification requirements: non-presentation of the electronic report, absence of the specialist, lack of specially allocated room for implementation of the declared type of activity, lack of the work permit with the data constituting the state secrets, lack of minimum necessary equipment, violation of the notification procedure of the licensor, violation of procedure for transfer of the developed, realized or repaired special technical means intended for conducting investigation and search operations and documentation to them to the third parties;

7) risk – probability of damnification as a result of activities of the subject of control to legitimate interests of physical persons and legal entities, valuable interests of the state taking into account severity of its effects;

8) system of assessment and risk management – process of acceptance of the management decisions directed to decrease in probability of approach of adverse factors by distribution of subjects (objects) of control on risk degrees for the subsequent implementation of checks on compliance to requirements for the purpose of minimum possible extent of restriction of freedom of enterprise, providing at the same time admissible risk level in the corresponding fields of activity, and also directed to change of risk level for specific subject (object) of control and (or) release of such subject (object) of control from checks on compliance to requirements;

9) objective criteria for evaluation of risk degree (further – objective criteria) – the criteria for evaluation of risk degree used for selection of subjects (objects) of control depending on risk degree in certain field of activity and which are not depending directly on separate subject (object) of control;

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info