Personal data: dura lex, sed lex

Personal data protection has recently become one of the most pressing issues for organizations. It is even regarded as one of the drivers of the commercial data center market. Yet the market still offers few ready-made services for hosting information systems that process personal data in the way the law requires.

According to an iKS-Consulting forecast, by 2018 the Russian data center market will almost double compared with the beginning of 2015 and exceed 26.3 billion rubles, with the number of installed racks in commercial data centers growing to 48.3 thousand. The entry into force of the data-localization amendments to Federal Law No. 152 "On Personal Data", which require personal data of Russian citizens to be stored on the territory of the Russian Federation, will in the near future be one of the key growth factors. In addition, tighter regulation in the financial and banking sectors, growing competition in telecommunications and retail, and rising reliability requirements will push an increasing number of companies toward commercial data center services.

According to estimates by the analytical company PMR, in 2014 the Russian market for commercial data center services reached 11.7 billion rubles, 20.4% more than a year earlier. Analysts attribute this growth to the development of the domestic Internet economy and growing data volumes in corporate IT systems. Demand has risen for colocation services, in which a provider places client equipment in its data center, services it and connects it to communication channels. More than 50% of the revenue from such services comes from banks, which use third-party data centers for data backup and duplication of IT systems. Financial institutions typically rent space for 5 to 15 racks.

Keep at home

Federal Law No. 152 "On Personal Data" (FZ-152), which regulates the processing (use) of personal data, was adopted by the State Duma on July 8, 2006, approved by the Federation Council on July 14, 2006, and signed by the president on July 27, 2006. Article 1, Part 1 of FZ-152 covers relations connected with the processing of personal data by federal state authorities, state authorities of the constituent entities of the Russian Federation, other state bodies, local governments, other municipal bodies, legal entities and individuals using automation tools, including information and telecommunication networks.

In the summer of 2014, amendments were adopted obliging organizations to store the personal data of Russian citizens on servers located in Russia (Article 2 of Federal Law No. 242 of July 21, 2014 "On Amendments to Certain Legislative Acts of the Russian Federation Regarding the Clarification of the Procedure for Processing Personal Data in Information and Telecommunication Networks").

The law is harsh, but it is the law. The new rules were originally expected to take effect on September 1, 2016. In September 2014, however, the State Duma Committee on Information Policy recommended approving an amendment that would bring the law into force on January 1, 2015. Because businesses did not have time to prepare for that date, in early December 2014 the State Duma finally moved the deadline to September 1, 2015.

The amendments affect not only online stores, social networks and travel service providers, but also every company that in one way or another uses foreign data centers to work with citizens' personal information. In other words, they can affect almost any company, since almost every organization processes personal data: at a minimum, the data of its own employees.

Personal Information

According to FZ-152 (Article 3, item 1), personal data is any information relating to an individual (the personal data subject) who is identified or identifiable on the basis of such information, including surname, first name and patronymic; year, month, date and place of birth; address; family, social and property status; education; profession; income; and other information. Personal data is classified as restricted-access information and must be protected in accordance with the legislation of the Russian Federation.

Personal data is divided into four categories:

  1. Personal data concerning race, nationality, political views, religious and philosophical beliefs, health and intimate life.
  2. Personal data that makes it possible to identify the personal data subject and to obtain additional information about them, other than data in category 1.
  3. Personal data that only makes it possible to identify the personal data subject.
  4. Depersonalized and (or) publicly available personal data.

Meanwhile, Roskomnadzor has not yet clarified exactly what counts as personal data. For example, it was recently proposed to expand the concept to cover information about users' actions on the Internet, such as in social networks. Whether personal data may be duplicated on servers abroad also remains unclear: the law contains no specific provisions on this and no liability for violating them. As things stand, under Russian law almost any information can be considered personal data, even a first name and surname in an e-mail system.

Personal Data Operators

A personal data operator is a state or municipal body, legal entity or natural person that, alone or jointly with others, organizes or carries out the processing of personal data. Processing means any action performed on the data. Under Part 1 of Article 22 of FZ-152, the operator must notify Roskomnadzor of its intention to process personal data before processing begins, except in the cases listed in Part 2 of Article 22 of FZ-152.

Personal data operators include, for example, financial and insurance organizations, retailers with loyalty programs, medical institutions, educational institutions, social institutions, representative offices of foreign companies that process the personal data of Russian citizens, and other organizations that work with individuals.

What measures can be applied to violators? An administrative fine, inclusion of the company in the register of violators, or blocking of the site on which personal data is processed. The Register of Violators of the Rights of Personal Data Subjects is to be maintained by Roskomnadzor, and the basis for inclusion in it is a court decision that has entered into force.

Data move to Russia

Where should personal data be stored and processed? May the operator use the services of a third-party data center? How should personal data operators prepare to comply with the law? In general, the business community does not fully understand how to work under the new law: which data is personal and protected, whether a copy of a database may be kept abroad, and whether the changes will affect popular foreign services for booking rooms in foreign hotels, taxis and tickets, or other activities integrated into the global information space.

Roskomnadzor began preparing bylaws to clarify provisions of the law that IT experts found ambiguous. For example, the agency took the position that the personal data of Russian citizens should be stored only in Russia, although the law itself contained no such requirement.

Meanwhile, the world's leading IT companies have already begun moving the data of their Russian users to servers located on the territory of the Russian Federation, among them eBay, PayPal, AliExpress, Google, Visa and Mastercard. Foreign Internet services do not, however, have to transfer all the personal data of their existing Russian clients to Russia. Only the data of new clients, collected after September 1 when the mandatory in-country storage requirement comes into force, must be stored here. This is a relatively small volume of data, which greatly simplifies the task.

Under FZ-242, when collecting personal data, including via the Internet, the operator must ensure that the recording, systematization, accumulation, storage, updating, modification and extraction of the personal data of Russian citizens is carried out using databases located in the Russian Federation. Personal data operators must not only store such information domestically, but also register with the relevant authorities, indicating where the data is stored and submitting a number of other details, and undertake to provide information from such databases to law enforcement agencies under the procedure established by law.

The situation around the personal data storage law is, on the whole, good for providers of data centers and cloud solutions: the law requiring personal data to be stored in Russia has increased demand for data center services. Market experts expect that foreign companies will rarely build their own data centers in Russia, since they can instead place part of their workload on the territory of the Russian Federation by working with major Russian providers.

There are also options that allow foreign companies to stay within the Russian legal framework with minimal risk and cost. One is to use cloud services that let the customer control where data is located. Cloud data centers make it possible to minimize risk while implementing, as quickly as possible, the set of measures needed to bring the storage and processing of Russian citizens' personal data into compliance with the Federal Law.

In addition, in times of crisis budgets for building in-house infrastructure shrink, so demand for virtual resources grows. When IT resources are rented, only the capacity actually consumed is paid for, which optimizes costs.

Choosing a service provider

Companies often have a rather superficial understanding of the law "On Personal Data", little idea of how to protect personal data properly, and little idea of what it takes to pass an inspection by the supervisory authorities.

Depending on the categories of personal data processed, their volume and the actual threats, measures must be taken to ensure their security, including the security of the servers. Clients who want to fully comply with the law and avoid problems with regulators should weigh the risks of placing servers holding personal data in a third-party data center and choose their hosting provider carefully.

The hosting provider should be checked thoroughly: it must hold the required FSTEC license for technical protection of confidential information and an FSB license for providing services using encryption (cryptographic) tools, and it must use certified information security tools when delivering hosting services.

It is often mistakenly believed that a data center should be certified for compliance with FZ-152. Whether a data center complies with FZ-152 "On Personal Data" is one of the questions customers most often put to owners of commercial data centers. No such certification for a data center exists, however. The right question is whether the data center's services meet the technical requirements for the protection of confidential information (TZKI) at the required security level.

Clients who plan to place personal data in a third-party data center can protect it themselves, with or without a legal adviser, or seek a comprehensive data center service that bundles personal data protection with legal services. The latter option is still rare on the market and often fails to meet all of the customer's requirements, whether technical, legal or commercial.

Purchasing data center services that meet the requirements of FZ-152 is not by itself sufficient for compliance with the law. The entire information system must satisfy the TZKI requirements, from the physical security of the equipment to the software that stores and processes personal data. Certification of compliance with FZ-152 is individual in nature: such projects include, alongside the installation of hardware and software protection tools, an audit of the customer's processes. It is the personal data processing system and its protection measures that are certified, not the data center itself.

In addition to technical protection of personal data, the law imposes a number of administrative requirements, most of which come down to the company holding certain documents and keeping them up to date. These are what Roskomnadzor examines during an inspection.

Comprehensive offerings that combine data center services, technical protection of confidential data, documentation and legal advice are still few on the market. As a rule, data centers focus on technical services and rarely provide full legal services backed by proper expertise.

This is one of the reasons why, despite the obvious relevance of and demand for hosting information systems that process personal data in accordance with the law, there are few ready-made offerings on the data center services market. One of the first such offerings on the Russian market was the secure virtual data center service (VDC.152) from SAFEDATA.

Secure VDC

VDC.152 is a dedicated, secure virtual infrastructure for hosting and processing personal data. Using the resources of the virtual data center, the customer can build an IT infrastructure of any complexity. The VDC service follows the IaaS model and is built on SAFEDATA's network of data centers and on hardware and software from leading vendors.

The VDC.152 service is intended for customers whose business processes involve processing and storing the personal data of Russian citizens, and it was designed to meet all the requirements that apply to those processes.

Importantly, VDC.152 allows the virtualization platform, storage systems, hypervisors and management systems to be certified, so that clients receive security services based on certified protection tools. The customer can certify its information system on its own or with the help of SAFEDATA specialists, who prepare all the necessary documentation. Certification of a personal data information system built on the VDC.152 service is performed by a FSTEC of Russia licensee.

The Secure Virtual Data Center service frees the personal data operator from a significant share of the cost of building its own secure IT infrastructure. Customers use the provider's IT resources and software, and highly qualified staff maintain the infrastructure 24x7. A further benefit is that the customer does not have to keep the IT infrastructure up to date with changes in legislation itself; the data center operator does that.

The service is relevant to many categories of customers and types of information systems, including online stores, HR systems, marketing research systems, medical systems, billing and service management systems, and so on. It can be used by any law-abiding personal data operator that wants to bring its personal data processing into compliance with FZ-152.

The set of organizational and technical measures provides comprehensive protection against threats both from staff and from other customers of the data center. The system is ready for certification by the FSB and FSTEC as fully compliant with the requirements for hosting personal data, and SAFEDATA acts as the service provider, delivering the system to personal data operators under the IaaS model.

The secure virtual infrastructure that complies with FZ-152 is located in a TIER III (TIA-942) data center. The elements of the ISPDn (personal data information system) infrastructure are protected by information protection tools (SZI) certified by FSTEC (non-cryptographic) and by the FSB (cryptographic).

The VDC.152 architecture consists of a hardware platform (servers and network equipment), a storage area network (storage and switching equipment), and software: the virtualization system, a resource and virtual environment management system, and virtual machines (operating system and application software). Secure access is provided through a GOST-encrypted tunnel and FSTEC-certified equipment. Information protection is provided by the ViPNet Coordinator HW 1000 crypto gateway and firewall; Accord-V, a certified protection tool against unauthorized access for ESXi hosts and for the VMware vSphere virtual infrastructure (including vCenter); and the Trend Micro Deep Security 8.0 antivirus, firewall, and intrusion detection and prevention system.

It is also worth noting that the SAFEDATA group owns a network of data centers built to the international TIA-942 (TIER III) standard. SAFEDATA's data centers have a total area of more than 5,500 sq.m, with 3,000 sq.m of technical floor space for equipment, and are connected to the MMTS-9 and MMTS-10 exchanges and the MSK-IX traffic exchange point.

Surveys show that most data center service providers now conclude an SLA with their customers. In the case of SAFEDATA's secure virtual data center, the SLA contains specific metrics for availability, IOPS, VM disk access latency, technical support, and so on.

[Table: Service level of VDC.152 (SLA)]

In addition, one of SAFEDATA's data centers has confirmed compliance with the physical security requirements of the PCI DSS 3.0 standard. This site is available to host the computing and network equipment of payment card industry participants, with the service provider taking on the physical protection of servers involved in processing bank card payment transactions. Such certification matters to customers from the financial industry.

Each personal data operator must choose the solution that suits it. VDC.152 offers not only compliance with personal data protection legislation without purchasing and operating its own ISPDn protection tools, but also scalability without capital expenditure and in a short time, along with continuous technical support. On a number of parameters the VDC.152 service may be the best option for customers. Moreover, SAFEDATA takes responsibility for preparing the set of documents and services needed to certify the solution.

