152-FZ and local copies of the database / web applications

M

Matsarello2011-05-20 19:43:58

Law in IT

Matsarello, 2011-05-20 19:43:58

Hello.

There was a need to install an electronic school diary on local servers in schools. In this regard, the question arose - what to do with the protection of personal data under Law 152? If hosting is not difficult to bring into line, then what about such scattered servers? The versions of the diary are almost complete, with minor changes - the local database with all personal data will be duplicated.

Deployment option 2:
- to the computers of the host organization;
on school computers.

Has anyone faced a similar issue?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexander, 2011-05-21
@Matsarello

To meet the requirements of the Federal Law, it is necessary to use encrypted media, extremely restrict access to the server body, and also restrict access to server access consoles. Everything is done according to the instructions by regular means of any OS.
If a copy of a part of the database gets to a computer with an access console, then it must be encrypted and disclosed only for an access session from the console.
At least, the check for compliance with the Federal Law left us satisfied with this procedure for regulating the flow of PD.

L

lesha_penguin, 2011-05-21
@lesha_penguin

There is also a fairly simple way. Everyone who, on duty, has direct access to the database signs a non-disclosure agreement. By the way, such a decision is good, not only in connection with “compliance with Federal Law 152”, but also in general as an adequate measure of information security.