Data processing
Ivan Streltsov, 2015-04-13 14:15:27

Personal data + hosting = minimum costs?

I will briefly describe the essence of the automated system (AS):

  1. Veterinary clinics automatically upload the following data to a remote server:
    - Full name of the owner,
    - Address of the owner,
    - Phone number of the owner,
    - Chip number, stamp, etc.
  2. The server receives the data and inserts it into the database.
  3. If necessary (for example, to find the owner by an animal's chip), a specially trained person connects to the remote server using their login and password and searches for the owner in the database through the AS web interface.

According to the document "RESOLUTION dated November 1, 2012 N 1119", I determined that it is necessary to ensure the 1st level of personal data security, and that the following measures should be taken:
a) automatic registration in the electronic security log of a change in the authority of the operator's employee to access personal data contained in the information system;
b) creation of a structural unit responsible for ensuring the security of personal data in the information system, or assigning functions to ensure such security to one of the structural units.

Is that all? Shouldn't the server be locked up and access to it controlled? Is it possible to rent a server or even use shared hosting? Or do you need your own with information security tools?


3 answer(s)
NETChaser, 2015-04-13
@NETChaser

No.
Security level 4.
Order of the FSTEC of Russia No. 21 dated February 18, 2013
8.4. Measures to protect machine media of personal data (means of processing (storage) of personal data, removable machine media of personal data) should exclude the possibility of unauthorized access to machine media and personal data stored on them, as well as unauthorized use of removable machine media of personal data.

Anton Nagaets, 2015-04-13
@gr1mm3r

The interpretation of Article 8 of Federal Law 152, in principle, allows the use of hosting services, provided
If you do not collect and process more private data such as SNILS, a person's passport data, or a medical history, then you can. In other cases, install your own server and certify it according to FSTEC.

Vadim Shandrinov, 2015-04-13
@suguby

It's complicated. How can we protect the personal data we process on a Linux+Apache+MySQL+Django server?
In fact, everything is decided by administrative papers with seals; there are probably 20 of them, but you need to be able to draw them up...
