How to protect the data in the CRM from the point of view of the law and not only?
The planned creation of a CRM for the printing of contracts, accounting of the history of customer requests, gathering statistics of its sales, etc. in the Saas model.
I read a bunch of articles on habré about FSTEC, protection of PD, but did not understand whether there are specific legal requirements for such CRM?
PHP +Mysql On Centos VPS
- SSL certificate. I read somewhere that we need guests, and it from 30 to a year, really?))
- access rights within CRM
- authorization by login and password
- after three unsuccessful password attempts limit on the next attempt in 15 minutes by IP user
- logs the actions of each user
on a separate organization has its own Mysql DB
need a notification to Roskomnadzor? The receipt of any licenses?
To lov is to say, not found on the websites of sectoral systems of any protection information in accordance with the requirements of FSTEC and the FSB, and at the same AmoCRM not found. In the end, needed or not? And what security to take into account?
adrianna.Collier answered on April 3rd 20 at 18:27
Read FZ 152. Against legal entities separate things.
christ answered on April 3rd 20 at 18:29
Let's start with the question of who will have access to the CRM - only the author (the program for their own use), only employees of the organization (separately - "only from local area businesses" or "around the world") or by third parties.