Regulator
Regulator (regulatory authority) – a state organization that controls the implementation of the requirements of the Russian legislation on the protection of information and against data loss and unauthorized access at the objects of state power, as well as information constituting state secrets.
[text_with_btn btn=”Learn more” link=”/en-ru/services/info-security/” btn_size=”small”]Information security[/text_with_btn]List of regulators
In Russia, regulators include:
- FSB. Ensures security in the country within the limits of its authority: for example, it certifies information protection equipment.
- FSTEC. It implements and supports the government’s policy in the field of IS, carries out interaction between other agencies.
- FSTEC.
- FSO. Develops and implements state policy and legal acts in the field of protection of information classified as state secrets, provides special communication between state authorities.
- Roskomnadzor.
- Roskomnadzor. Controls the activities of the mass media in providing inaccurate information or leakage of information constituting state secrets. Performs the functions of supervision over compliance with the requirements for systems that process personal data of citizens.
- Roskomnadzor.
- Mincomsvyaz. Develops and implements state policy and regulatory and legal documentation in the field of IT, media, telecommunications, etc.
- Mincomsvyaz.
Attestation
. Attestation is necessary for companies whose activities are regulated by the state – for example, financial organizations. The same bank works with personal data of the client, including confidential information about the account.
In order for a financial organization to be able to process data, it needs to be certified and meet the requirements of a number of Central Bank regulations and GOST. The requirements imposed by regulators on organizations must be fully complied with. Otherwise, a legal entity is not certified and has no right to engage in the processing of information the dissemination of which is restricted by Russian law.
Compliance with IS requirements is also relevant for commercial organizations. Based on regulatory documents, companies develop their own regulations and provisions that are mandatory for employees. To conduct certification, companies engage representatives of regulators or relevant organizations that have the necessary licenses.