Placing ISPDn in the cloud. Correct hosting for ISPDn. What do the servers of large cloud providers lack for processing personal data? The personal data protection law and the trend toward cloud computing and outsourcing

If the server is not located on your own premises, you have no access to it and, moreover, cannot influence the data center's policy, then you simply have no way of fulfilling a number of the law's requirements. Only one option is left: find a hosting provider that complies with the law.

I wrote a letter to Beguet asking whether they hold FSTEC licenses for the protection of confidential information. The answer was vague, along the lines of "it's not me and the hut is not mine, we are not responsible for anything"... In short, they have no licenses, and a website that collects personal data cannot be hosted there. I searched the Internet (not very thoroughly yet) and found out about RU-CENTER, which has a license.

License for activities in the development and (or) production of means for protecting confidential information
LICENSE No 0917 issued on 20 April 2011

License for activities in the technical protection of confidential information
LICENSE No 1 594 issued on 20 April 2011
License holder: Limited Liability Company "Regional Network Information Center"
License term: unlimited

Hosting of confidential information in RU-CENTER

On March 6, 2012, RU-CENTER launches a new service: hosting of confidential information.
Hosting of confidential information is a service for hosting a site on the Internet with a number of additional information protection measures.
The service makes it possible to fulfil a number of mandatory requirements of current legislation (Law N 152-FZ) that apply to the processing of personal data.
In addition to the main methods of data protection and information storage used in other RU-CENTER services, hosting of confidential information provides:

  • special certified equipment that makes it possible to carry out a number of measures for protecting restricted-access information;
  • additional restriction of physical access to the equipment on which the service is provided;
  • daily backup (2 copies);
  • accounting of the physical storage media in use;
  • a dedicated MySQL for each customer.
The main users of the new service are small and medium-sized companies, online stores, forums, marketing data systems and other Internet resources that must comply with the laws of the Russian Federation (Law N 152-FZ) when processing and storing personal data.

The question, actually: how are they in terms of quality?
If anyone knows other hosters licensed by the FSTEC for protection of confidential information, please add to this topic.

Before proceeding to the analysis of 152-FZ, one should know that there is also Law 242-FZ, which took effect on 1 September 2015. It is a normative act that introduced changes into another, principal law: Federal Law No. 152, adopted in July 2006. The adoption of the law on the "localization of personal data" was accompanied by wide coverage of the legislators' initiatives in various mass media, which gave rise to two main myths about Federal Law No. 242-FZ:

  • Russians are now prohibited from hosting their personal data (websites) abroad;
  • all foreign companies are prohibited from collecting and processing the personal data of Russians on servers outside the borders of the Russian Federation.

Federal Law No. 242-FZ provides that "when collecting personal data, including via the Internet, the operator is obliged to ensure the recording, systematization, accumulation, storage, clarification (updating, changing) and retrieval of the personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation". In case of non-compliance with the law, access to a site that performs the primary collection and storage of personal data of Russian citizens in databases located outside the jurisdiction of the Russian Federation may be restricted.

Is it possible to use hosting abroad

The law does not prohibit placing any site (database) on servers located in a country that has signed Council of Europe Convention ETS No. 108, nor does it prohibit the cross-border transfer of personal data. As for Russia's ratification of Council of Europe Convention ETS No. 108 "For the Protection of Individuals with regard to Automatic Processing of Personal Data": Part 2 of Article 12 states that the countries that have acceded to it shall not prohibit, or subject to special authorization, flows of personal data going to the territory of another party to the Convention, and Art. 25 prohibits any reservations to the Convention.

This means that using hosting abroad (outside the Russian Federation), as well as collecting and processing personal data there, is considered lawful if the hosting is located in one of the countries that signed the Convention: Austria, Belgium, Bulgaria, Denmark, Great Britain, Ukraine, Germany, Greece, Ireland, Spain, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Finland, France, Czech Republic, Sweden, Estonia, as well as in countries which, according to Roskomnadzor, provide adequate protection of personal data. Such countries are those that have national regulatory legal acts in the field of personal data protection and a supervisory authority for protecting the rights of personal data subjects: Andorra, Argentina, Israel, Iceland, Canada, Liechtenstein, Norway, Serbia, Croatia, Montenegro, Switzerland, South Korea, Japan.

Responsibility for the protection of personal data

Physically, the site and the database can be moved to hosting in any country that has signed Council of Europe Convention ETS No. 108. The Law requires the operator to record, systematize, accumulate, store, clarify (update, change) and retrieve the personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation; however, the Law does not prohibit storing Russians' personal data on servers outside the territory of the Russian Federation. The only condition is that the personal data be collected and processed in the Russian Federation. And again, the cross-border transfer of personal data and work with it in the countries that signed the Convention are not prohibited.

Compliance of JIKHOST hosting with 152-FZ

Jhost complies with 152-FZ by means of replication and cross-border transfer of personal data.

Schematically, the principles of operation are described below:

The database is replicated to a server located on the territory of the Russian Federation, which ensures the constant relevance and completeness of the data in accordance with the Law. Then the data is replicated to the local database of the server on which the site runs. This circular scheme is used throughout. If the data only needs to be read, this is done without replication, directly from the local database. Besides compliance with 152-FZ, this scheme increases the productivity and reliability of the hosting.

  • Federal Law "On Personal Data" dated July 27, 2006 N 152-FZ

On the 3rd of spring 2015, regulations on the localization of personal data storage (242-FZ, dated 21.07.2014) came into effect in the Russian Federation. This innovation undoubtedly became one of the main drivers of the Russian market for hosting and cloud computing, making both personal data operators and hosting providers think, for the umpteenth time, about how to answer what would seem a simple question: how to host a website that is subject to personal data laws.

Although Federal Law N 152-FZ "On Personal Data" of 07.27.2006 has been in force for a long time, not everyone has gotten around to reading and studying it. This is partly due to the large number of normative documents and the regular changes to them. Today they come from several bodies: the Government, Roskomnadzor, FSTEC and the FSB. The position of the regulator is also quite important: instead of a heavy-handed policy, it has formed a strategy of smoothly but irreversibly tightening the screws.

While large businesses and government bodies, as the most disciplined participants in the market, have already brought their personal data information systems (ISPDn) into line with the law, medium and small businesses are only now beginning to realize that, for further development, they will have to come out of the shadows anyway, including with regard to violations of personal data legislation, all the more so because the shadow itself is getting smaller and smaller and hiding in it no longer works.

What should the owner of a website on which personal data is collected and stored (for example, in the personal account of an online store) do? Let's try to sort it out together.

If a website collects personal data, then it is a personal data information system and falls under 152-FZ

Here is what Roskomnadzor itself says: "In accordance with paragraph 9 of Art. 3 of the Federal Law "On Personal Data", a personal data information system is the totality of personal data contained in databases and of the information technologies and technical means that ensure their processing. If a website meets the stated requirements, it is an information system."

We all intuitively know what personal data is, but it is important to understand what it is from the point of view of legislation. According to paragraph 1 of Article 3 of Federal Law No. 152-FZ, personal data is any information relating directly or indirectly to an identified or identifiable natural person. That is, practically anything: from the IPN to hair color and shoe size, not to mention the phone number and address, whether electronic or postal.

Thus, an online store or simply a website with a personal account or user registration, online booking, ordering, payment, delivery, etc. is, in terms of 152-FZ, a personal data information system (ISPDn), and its owner is a personal data operator.

The personal data protection law and the trend toward cloud computing and outsourcing

Enough has already been said and written about the relevance and prospects of IT outsourcing, especially for companies in the small and medium enterprise sector, so in this article I will not campaign "for the cloud". All the more so because we all know well that most sites on the Internet are hosted on the shared web servers of hosting providers.

There are plenty of reasons for this, but the most important is that it is undoubtedly advantageous for companies to get a protected, highly available web service cheaply. Creating a computing infrastructure of one's own that would at least approach the Tier-III data center standard costs a million rubles. First, premises are needed: not a corridor, not a basement, not an attic, not prone to flooding, and closed to third-party access. Ventilation and air conditioning are needed, moreover with a certain reserve. Autonomous and backup power supply must be organized, for which a diesel generator set (DGU) has to be installed. Finally, physical security and service personnel are needed. In addition, to guarantee the availability of the service, you will have to buy a full set of spare parts for the server equipment. That is, instead of one server, you actually have to buy two.

Naturally, given the development of cloud computing, virtualization technologies and a clearly visible trend toward outsourcing, more and more companies from the SMB sector are planning to move their information systems from "under-the-desk" system units to computing resources located in data centers that meet modern industry standards.

The information systems of practically any business store and process a lot of personal data. These may be the personal data of the company's employees as well as the data of clients or contractors. Corporate information systems differ both functionally and technologically. They may include an accounting automation system, for example 1C, as well as a website with a user's personal account and an online store. As a rule, these information systems are interconnected: they pass information to one another, including personal data.

According to paragraph 3 of Article 3 of 152-FZ, the processing of personal data is any action (operation) or set of actions (operations) performed on personal data with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.

Thus, placing an ISPDn on a provider's server is nothing other than outsourcing, at a minimum, such personal data processing functions as recording, storage, reading (retrieval), transfer and deletion.

According to paragraph 2 of Article 3 of 152-FZ, an operator (of personal data) is a legal or natural person that, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, and also determines the purposes of processing personal data, the composition of the personal data to be processed, and the actions (operations) performed with personal data.

Obviously, the hosting provider, having taken on the functions of storing and transferring personal data, is obliged, on a par with the operator, that is, the site owner (the owner of the information system that processes personal data), to take certain measures to ensure their security. In fact, it is not quite that simple. Credit must be given to the authors of the Law "On Personal Data" No. 152-FZ and Decree No. 1119 of 01/01/2012, who provided for the personal data operator handing functions over to third-party organizations for outsourcing.

Legislation regulating the hosting of websites that process personal data with a third-party organization

A personal data operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, on the basis of a special contract (assignment). The person who processes personal data on behalf of the operator is obliged to comply with the principles and rules for processing personal data provided for by current legislation. The operator's assignment must define the list of actions (operations) with personal data that will be performed by the person processing the personal data and the purposes of processing, must establish that person's obligation to maintain the confidentiality of personal data and to ensure the security of personal data during their processing, and must specify the requirements for the protection of the personal data being processed (clause 3, article 6 of 152-FZ).

Thus, the hosting provider, like the site owner as the personal data operator, processes personal data on the site and is responsible for its availability, storage and security. With one small difference: the site owner is responsible to the personal data subjects and, as provided by legislation, is obliged to obtain consent from the subjects, while the hosting provider, as the entrusted person, is responsible to the site owner, receiving personal data from it and storing it, but is not required to obtain the subjects' consent.

In general, the topic of obtaining subjects' consent to the collection of their personal data is very large and interesting, and undoubtedly deserves a separate large article.

Demarcation of the hosting provider's and the site owner's zones of responsibility for compliance with personal data protection requirements

Agree, it would be unfair to shift all responsibility for the security of personal data onto the hosting provider. After all, it often does not know, and cannot know, by whom, how and why the sites hosted on its servers were written, what passwords are used there to authorize access to personal data, in what form they are stored, and how they are used.

According to Decree No. 1119 (paragraphs 13 - 16), to ensure the necessary level of protection of personal data during their processing in information systems, the following requirements must be met:

| Requirement of PP 1119 | Required level of protection | Zone of responsibility |
|---|---|---|
| Organization of a security regime for the premises in which the information system is located | UZ-4; UZ-3; UZ-2; UZ-1 | Hosting provider |
| Ensuring the safety of personal data storage media | | Hosting provider |
| Approval by the operator's head of a document listing the persons who have access rights to personal data | | |
| Use of information protection tools that have passed the procedure for assessing compliance with the requirements of legislation | | Hosting provider |
| Appointment of an official responsible for ensuring the security of personal data | UZ-3; UZ-2; UZ-1 | Site owner; Hosting provider |
| Access to the contents of the electronic log possible only for persons with access rights | UZ-2; UZ-1 | Site owner; Hosting provider |
| Automatic registration in the electronic log | UZ-1 | Site owner; Hosting provider |
| Creation of a structural unit responsible for ensuring the security of personal data | | Site owner; Hosting provider |

The hosting provider must hold a Roskomnadzor license for communication services

As is known, providing communication services requires a license from Roskomnadzor. This follows, for example, from paragraph 36 of Article 12 of Federal Law No. 99-FZ of 04.05.2011 "On Licensing of Certain Types of Activities".

According to the list of names of communication services entered in licenses for activities in the field of communication services (approved by Decree of the Government of the Russian Federation of February 18, 2005 No. 87), the communication services subject to licensing include, among others:

  • Telematic communication services (hosting itself belongs to them);
  • Data communication services, data communication services for the purpose of voice information transmission.

To host sites that collect personal data, the hosting provider must hold an FSTEC license

The Federal Service for Technical and Export Control (FSTEC of Russia) regulates activities related to the technical protection of information, implements state policy in the field of legislation, standardization and licensing, and also carries out inspections.

Since the hosting provider, as a person entrusted under a contract of assignment, is obliged, like the personal data operator, to take technical measures on its part, it thereby provides services for the technical protection of information, which, according to the Regulation on licensing activities for the technical protection of confidential information, approved by Decree of the Government of the Russian Federation of February 3, 2012 N 79, are licensed types of activity.

The composition of organizational and technical measures for ensuring the security of personal data, approved by FSTEC Order No. 21 of 18.02.2013, includes:

  • identification and authentication of access subjects and access objects;
  • control of access subjects' access to access objects;
  • restriction of the software environment;
  • protection of machine-readable storage media;
  • registration of security events;
  • antivirus protection;
  • intrusion detection (prevention);
  • control (analysis) of the protection of personal data;
  • ensuring the integrity of the information system and personal data;
  • ensuring the availability of personal data;
  • protection of the virtualization environment;
  • protection of technical means;
  • protection of the information system, its means, and its communication and data transmission systems;
  • detection of incidents and response to them;
  • ISPD and SZPD configuration management.

To carry out work on ensuring the security of personal data, organizations that hold a license for activities in the technical protection of confidential information may be engaged on a contractual basis (paragraph 2 of clause 2 of FSTEC Order No. 21).

A number of measures for ensuring the security of personal data require the hosting provider to hold an FSB license

The composition of measures for ensuring the required level of protection of personal data, according to FSTEC Order No. 21, includes the following:

  • Implementation of protected remote access of access subjects to access objects via external information and telecommunication networks (UPD.13);
  • Protection of personal data from disclosure, modification and imposition (entry of false information) during transmission (preparation for transmission) over communication channels that extend beyond the controlled zone, including wireless communication channels (ZIS.3);
  • Ensuring the authenticity of network connections (interaction sessions), including for protection against the substitution of network devices and services (ZIS.11);

From the essence of these measures it is clear that implementing them requires the use of cryptographic information protection tools (SKZI). As is known, matters related to the use of SKZI in the Russian Federation are regulated by the Federal Security Service (FSB of Russia).

The Regulation on licensing activities for the development, production and distribution of encryption (cryptographic) tools, approved by Decree of the Government of the Russian Federation of April 16, 2012 No. 313, covers, among others:

  • Development of information and telecommunication systems protected using cryptographic tools;
  • Mounting, installation and adjustment of information and telecommunication systems protected using cryptographic tools;
  • Work on servicing cryptographic tools;
  • Transfer of information and telecommunication systems protected using cryptographic tools;
  • Information encryption services.

The hosting provider's data center must be located on the territory of the Russian Federation

On 1 September 2015, regulations on the localization of the storage and processing of personal data came into effect in the Russian Federation under Federal Law No. … "in terms of clarifying the procedure for processing personal data in information and telecommunication networks", according to clause 1 of Article 2 of which, when collecting personal data, including via the Internet information and telecommunication network, the operator is obliged to ensure the recording, systematization, accumulation, storage, clarification (updating, changing) and retrieval of the personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.

It is important to note here that the cross-border transfer of personal data as such is not prohibited, but is regulated by law. Details can be found in Art. 12 of 152-FZ.

Briefly about the main points

So, let us summarize the above.

A website is a personal data information system if it allows personal data to be entered, stored or viewed. A good example is practically any site with a personal account, online booking, ordering or purchase with delivery, etc.

Collecting clients' personal data online is not only a necessity for modern electronic commerce but also a wide range of opportunities for marketing, the description of which deserves a separate article.

The owner of a site that is an ISPDn is obliged to file a notification with Roskomnadzor, indicating, among other things, where the personal data is stored and processed, that is, the physical location of the server on which the ISPDn runs. You can read about this in my article "How to file a notification with RKN and not get into trouble".

The agreement with the hosting provider, besides the list and characteristics of the resources provided, must necessarily contain an assignment to process personal data, specifying the particular list of actions to be performed with the data, the provider's obligation to observe the procedure for processing personal data and the requirements for their protection, and also the provider's responsibility for the security of personal data.

Besides Roskomnadzor's licenses for telematic communication services, which are standard for hosting companies, to protect the personal data processed on clients' websites the hosting provider must hold an FSTEC license for activities in the technical protection of confidential information and an FSB license for providing services related to the use of encryption (cryptographic) tools.

And finally, the provider's server on which personal data is physically stored must be located on the territory of the Russian Federation.

This article has covered many, but far from all, aspects of placing ISPDn on the computing resources of cloud service providers. More detailed information can be found in the following documents and information resources:

Legislation

  • Decree of the Government of the Russian Federation of 01.11.2012 N 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems"
  • Order of the FSTEC of Russia of February 18, 2013 No. 21 "On approval of the Composition and content of organizational and technical measures for ensuring the security of personal data during their processing in personal data information systems"

The "Cloud FZ 152" solution relieves the personal data operator of the burden of building and owning a protected IT infrastructure in order to fulfil the requirements of 152-FZ and 242-FZ. In other words, if Russian legislation requires your company to take all the necessary organizational and technical measures to protect personal data from unauthorized and unlawful access, choose the Cloud4Y solution.

Why "Cloud FZ 152" is needed:

  • A separate protected, certified and attested "Cloud" for hosting ISPDn.
  • Certification of virtualization mechanisms: a hypervisor for computing resources, a system for managing a virtualized data transfer mechanism, a virtualization platform and a data storage system.
  • Provision of security services (based on certified protection tools) that can be used by clients who host their ISPDn in the cloud.

Placing ISPDn in the cloud:

  • Relieves the personal data operator of capital expenditures on building and owning a protected IT infrastructure;
  • Relieves the operator of part of the legal liability for violating laws 152-FZ, 242-FZ;
  • Allows use of the provider's system-wide and special software;
  • Provides support of the IT infrastructure by highly qualified personnel in 24 × 7 mode

Features of "Cloud FZ 152":

  • Hosting of the ISPDn is provided as a service, so the customer has no capital expenditures.
  • Cloud4Y acts as the person that processes personal data on the operator's behalf.
  • The system has been attested by FSTEC licensees, which confirms the reliability of the protection measures. The protection tools used have passed conformity assessment in the prescribed manner and have certificates issued by the competent authorities, FSTEC and the FSB of Russia.
  • Availability of certificates for the various elements of the cloud that implement security functions (the hypervisor, protection tools integrated into the cloud, protection tools offered to clients as a security service).
  • A set of organizational and technical protection measures that makes it possible to protect customers from current threats from service personnel, from other customers and from other contractors.

Normative documents and classification

You can read the text of Federal Law No. 152 on personal data at the link.

White Paper on Federal Law 152

Cloud4Y experts have studied the question of personal data protection and created a guide on what an organization needs to do to comply with FZ-152. We have tried to explain the points of the legislation in simple words, to put together a cheat sheet and to write down the steps that need to be taken.

Frequently Asked Questions (FAQ)

1. What is the essence of your FZ-152 service?
We have built in our data center a protected segment that has passed attestation for compliance with the requirements of FZ-152 and has received a certificate of compliance for personal data protection up to and including protection level 1. We help our clients resolve this question from the technical point of view. For government institutions, a certificate of compliance for protection class 1 for state information systems (attestation under FSTEC Order 17) and a certificate for the protection of confidential information under class 1G (STR-K attestation) can also be issued.

2. Why do we need this?
Since you collect personal data, the requirements of FZ-152 automatically extend to you. The same applies to state institutions that operate state information systems subject to FSTEC Order 17.

3. How much does it cost?
The cost is calculated individually for each customer, taking into account the volume, the protection level and the terms of placement.

4. Can you help in the preparation of documentation?
Yes, we can (we provide ready-made templates, or we take on the whole process of preparing the documents on a turnkey basis).

5. How is the data transmission channel organized?
The channel is encrypted using Russian GOST through the VipNet-coordinator.
