Answer the question
In order to leave comments, you need to log in
152-FZ and local copies of the database / web applications
Hello.
There was a need to install an electronic school diary on local servers in schools. In this regard, the question arose - what to do with the protection of personal data under Law 152? If hosting is not difficult to bring into line, then what about such scattered servers? The versions of the diary are almost complete, with minor changes - the local database with all personal data will be duplicated.
Deployment option 2:
- to the computers of the host organization;
on school computers.
Has anyone faced a similar issue?
Answer the question
In order to leave comments, you need to log in
To meet the requirements of the Federal Law, it is necessary to use encrypted media, extremely restrict access to the server body, and also restrict access to server access consoles. Everything is done according to the instructions by regular means of any OS.
If a copy of a part of the database gets to a computer with an access console, then it must be encrypted and disclosed only for an access session from the console.
At least, the check for compliance with the Federal Law left us satisfied with this procedure for regulating the flow of PD.
There is also a fairly simple way. Everyone who, on duty, has direct access to the database signs a non-disclosure agreement. By the way, such a decision is good, not only in connection with “compliance with Federal Law 152”, but also in general as an adequate measure of information security.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question