Are there technical requirements for information systems for government agencies?

I

irvdev2016-05-29 14:08:14

Law in IT

irvdev, 2016-05-29 14:08:14

Hello! There is an order from a government agency to develop a system for storing patient data. The system must be accessible via a remote server.
What are the requirements for the system itself and which server is exactly right for this? Will a regular dedicated server from Russian hosting work?
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

spotifi, 2016-05-29
@spotifi

Usually insured. Use certified.
Somehow, customers contacted me - the list of requirements is right only for Bitrix and it fits. I refused them - too much hemorrhoids. That is, who fussed, certified himself - that and slippers.
Examples of certified ones:
Rostelecom, Croc, nic.ru

R

Rsa97, 2016-05-29
@Rsa97

If non-anonymized medical information is stored - this is category K1 personal data, certification by the FSTEC will be required.

E

Eugene, 2016-06-01
@hokop

If this is a state institution, then you need to read the 17th order of the FSTEC "On approval of the requirements for ... For an
approximate assessment of the measures that should be in your system, see Appendix 2 to this order and the column with the second class of information system security.
So do not forget that you will have to do certification (see paragraph 17 of the order.)
Everything is real, but gemorno.