NVision Group completed the first stage of creation of a system of personal data protection for JSC Sibiryenergo

On September 7, 2011 NVision Group completed the first stage of creation of a system of personal data protection for JSC Sibiryenergo, - the guaranteeing supplier of electrical energy in the territory of the Novosibirsk region.

Project objective was in the shortest possible time to bring an information security system of the customer into accord with law No. 152-FZ "About personal data" and also to specify the classification of the personal data information system which is earlier carried out by the customer.

Inspection of an object included the analysis of the existing processing system of personal data, determination of extent of participation and the nature of interaction of personnel among themselves in these processes, conformity assessment of the used means of protecting and also the analysis of internal regulating documents.

Development of model of threats of information security, refining of the classification of processing systems of personal data which is carried out by the customer and determination of the list of the main requirements, and also development of technical specifications on creation of an information security system became the next step.

Project works included prototyping and bench tests of an information security system, project development of a system of personal data protection and a packet of the organizational and administrative documents regulating an order of storage, use and information transfer. The executed project – an important part of long-term strategy of the customer on reduction of infrastructure in compliance with Federal law No. 152.

Specialists of NVision Group developed the project documentation on SZPDN and also the system of two-factor authentication on the basis of electronic keys of eToken which considerably strengthened process of registration of users in a system is implemented. For management of lifecycle of electronic keys it was implemented by software of SafeNet Authentication Manager, the new version of well recommended product Token Managment System.

"Thanks to a complex of scalable solutions the created system of personal data protection will allow not only to fulfill the requirements of regulators, but also it is essential to raise the overall level of security of the data circulating in information systems. For example, application of a subsystem of two-factor authentication of users on the basis of electronic keys of eToken will provide, in addition to simplicity of management of access to information resources of the company, reliable counteraction to disclosure of passwords of access" - the head of department of information security of JSC Sibiryenergo Krivchun Pavel noted.

"The regulatory base for further improvement of the existing processes of personal data protection in an execution context of requirements of the Russian legislation was as a result created and also the first stage on this hard way is implemented that considerably minimized information and financial risks of JSC Sibiryenergo - Pavel Kaminsky, the director of the branch of Nvision Group Ltd of NVision Siberia reported.