D
D
denn2021-06-08 21:54:02
Law in IT
denn, 2021-06-08 21:54:02

What requirements should a website / server with PD of students of educational institutions meet?

There was an order for the development of a single website for educational institutions with the entry of personal data of students / teachers. Access to the site is planned to be distributed to all teachers, parents and students. There was a question from the legal side. What are the requirements for such sites and servers on which the resource will be located?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vladislav, 2021-06-11
@pr_Black

You first determine the list of personal data (only full name, full name + date of birth, address, DOI, etc.), the type of threats and, on this basis, determine the required level of information system security. Then, on the FSTEC website, select certified security tools, install them in the IS, set them up, and register with RosKomNadzor as a personal data processing operator. (Well, in the sense not to you, but to a municipal educational institution, if they do it on their own server, or to the hosting/cloud operator if the site is on someone else's hosting/cloud.)
You should read more in:
- Federal Law of July 27, 2006 N 152- Federal Law (as amended on 12/30/2020) "On Personal Data" (as amended and supplemented, effective from 03/01/2021)
- Decree of the Government of the Russian Federation of November 1, 2012 N 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems"

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question