
Hosting that meets the requirements of 152-FZ

Parking.ru has launched a new service with the self-explanatory name "Hosting ISPDn". The service lets customers (personal data operators) outsource the hosting of information systems that contain and process personal data (ISPDn), such as social services, online stores, billing systems, personnel systems, accounting systems and other services we are used to.

The impetus for creating this service was, of course, Federal Law No. 152-FZ "On Personal Data", which enters into full effect on January 1, 2011 and imposes special technical and administrative requirements on information systems that contain and process personal data (ISPDn).

Habr has already covered the law "On the protection of personal data": for example, there were posts about the consequences of the law's entry into force and, briefly, about how to determine the class of your ISPDn.
As part of the new service, Parking.ru offers complete integrated solutions for information systems of classes 4-2, as well as special services, including certification, for ISPDn belonging to class 1.

The service is designed both for small and medium businesses, whose information systems tend to fall into classes 4-2, and for large companies for which outsourcing the system is more logical than ensuring compliance with 152-FZ on their own. For the customer, this simplifies the procedure of bringing the information system into compliance with the Federal Law, since the provider takes on a significant part of the work.

The list of measures needed to fulfill the requirements of 152-FZ includes technical measures as well as the resolution of legal and organizational issues.

On the technical side, Parking.ru provides hosting infrastructure that complies with the technical requirements of the Federal Law, and also provides system administration services that maintain the system's level of security and the safety of personal data.

It is known that the requirements FSTEC imposes on the operating conditions of an ISPDn differ significantly depending on the class of the system:

- For ISPDn of classes 4-2, Parking.ru uses essentially the same physical, hardware and software infrastructure as for "regular" hosting services. The differences lie in the "enhanced" settings of the information security subsystems and in the set of measures and commitments made to the customer, which are recorded in documents that are more extensive than the usual ones: the service level agreement (SLA) and the confidentiality agreement (NDA).

- For class 1 ISPDn, the requirements are much more serious; they are met with certified software, special protection, encryption, etc. Physically, a class 1 ISPDn is operated in dedicated network segments, on dedicated equipment.

We are now ready to offer "typical solutions" for hosting ISPDn of classes 4-2. For a class 1 ISPDn, bringing the system into compliance with 152-FZ when it is hosted with a provider is an individual project that includes all stages, from audit to certification. As practical experience accumulates, we hope to offer typical solutions for certain class 1 systems in the future, which will make their certification in a hosted environment faster, simpler and cheaper.

Source: https://habr.com/ru/post/107450/
