How to properly secure a server with TeamWox in an educational institution?

I

Ivan Mironov2012-06-19 04:33:18

Project management

Ivan Mironov, 2012-06-19 04:33:18

Good day! I want to install the TeamWox
management system on my own equipment in college . Since personal data of employees (name, date of birth, addresses, phone numbers, etc.) will be used there, does this idea fall under the requirements of the 152nd Federal Law? Do you need to somehow protect this system in a special way, or is a gateway to freebsd + kaspersky ES enough + written consent of the employees whose data will be entered there?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vadim, 2012-06-20
@Kpblc

I do not pretend to solve the issue, but I think you should read this material .

A

ansv, 2012-06-26
@ansv

If PD will be processed, it falls. This will be ISPD, if according to still valid documents, then class 3 is most likely.
What is fraught with ...
1. Scribble (all sorts of documents) - according to FZ-152, Government Decree No. 781.
2. Classification of ISPDn - by the "order of the three" (FSTEC / FSB / Ministry of Communications).
3. You will need a protection system. This is the threat model and requirement from FSTEC Order No. 58. Plus a limit on the funds used (below).
4. If cryptography is also required (for example, data will be sent via the Internet) - also according to the FSB documents (selection of means, development of documents).
The protection system is built on the means "that have passed the conformity assessment procedure in the prescribed manner." In practice - certified. Kaspersky certified is, with freebsd - sadder.
It should also be borne in mind that the documents will soon change, and with them the requirements. But there is little optimism - the approach most likely will not change ...