Are there any technical requirements to information systems for state institutions?

Question

Are there any technical requirements to information systems for state institutions?

Hello! There is an order from a Federal office on the development of systems for storing patient data. The system should be accessible through a remote server.

What are the requirements for the system and what is the server for that just perfect? If normal dedicated server from the Russian hosting?

Thank you.

Maeve_Doyle51 asked July 9th 19 at 10:48

Related questions

More answers about "Are there any technical requirements to information systems for state institutions?"

3 answers

Weston98 answered on · Answer 1 · 2019-07-09T10:50:13.737Z

Weston98 answered on July 9th 19 at 10:50

Insure usually. Use certified.

To me, as it is addressed customers - the list of requirements just Beatrix and suitable. I turned them down - too much hemorrhoids. That is, someone hurry up, certified yourself, and sneakers.

Examples of certified:
Rostelecom, the CRIC nic.ru

But if we will not write in Bitrix, but on php + Yii? So do you or do only Bitrix suitable? - Maeve_Doyle51 commented on July 9th 19 at 10:53

:
they're just hedging their bets. that is not a requirement. - Weston98 commented on July 9th 19 at 10:56

And where do you about all this to read? to understand what is mandatory and what is not a mandatory requirement - Maeve_Doyle51 commented on July 9th 19 at 10:59

Kenyatta answered on · Answer 2 · 2019-07-09T10:52:13.738Z

Kenyatta answered on July 9th 19 at 10:52

If not stored impersonal medical information is personal data of the category C1, you will need certification in FSTEC.

A listing of some certified data centers:
Who of VPS hosters have been certified in Russia FSTEC? - Maeve_Doyle51 commented on July 9th 19 at 10:55

Thank you! Do I understand correctly that if we put our system certified hosting provider, it will be enough? Or is there some kind of requirements system hosted on that server? - Weston98 commented on July 9th 19 at 10:58

: Of course the requirements are for the system itself. For example, look here - Maeve_Doyle51 commented on July 9th 19 at 11:01

: We will investigate. Thank you! - Carli commented on July 9th 19 at 11:04

: No classes (type K1) is already there since a long time. even your link says is NOT TRUE IN CONNECTION WITH the OUTPUT: the Resolution of the RF Government dated 01.11.2012 №1119 "On approval of requirements for protection of personal data during their processing in personal data information systems" - Maeve_Doyle51 commented on July 9th 19 at 11:07

Mozell.Rolfson answered on · Answer 3 · 2019-07-09T10:54:13.738Z

Mozell.Rolfson answered on July 9th 19 at 10:54

If it gosucherezhdeny, then you need to read the 17th order of FSTEC "On approval of Requirements for....
To estimate the measures that should be in your system see attachment 2 to this order and the column with the second class of security of an information system.
Just do not forget that you will have to do the certification (see clause 17 of the order).
Everything is real, but gemorno.