Approved by decision
Nikolaev Nikita Alekseevich
From November 12, 2016
Protocol # 4
FscoreLab Information Security Policy
General Provisions, Objectives:
1.1. FscoreLab or individual entrepreneur Nikita Nikolaev Alekseyevich Nikolaev (further-FscoreLab) is an enterprise that carries out activities in the field of data processing, construction of software and analytical complexes for public and private corporations. The implementation of this activity is related to the processing and management of information, which is an important asset of FSCoreLab’s customers, and depends on the provision of information security, which is understood as ensuring the confidentiality, integrity and accessibility of information.
1.2. Information Security Policy FscoreLab establishes the goals, objectives and approaches in the field of information security with which FscoreLab is guided in its activities.
1.3. The policy is aimed at achieving the following objectives: ensuring the continuity of the main business processes FscoreLab; minimization of possible losses, material damage, reputational risks from violations in the field of information security.
Information Security Management
2.1. To achieve these goals, FSCoreLab has implemented an information security management system (ISMS) that complies with the requirements of the Russian Federation legislation, FSCorelab’s regulatory and contractual obligations in terms of information security; current Risk Management Policy.
2.2. The FSCoreLab ISMS is documented in this Policy, in the rules, procedures, work instructions that are mandatory for all FscoreLab employees in the scope of the system. The documented requirements of the ISMS are communicated to the employees of the company.
2.3. All information assets of FscoreLab, including hardware, software, information resources, physical media in the form of hard and ssd disks, flash cards, personnel, are subject to accounting and categorization in accordance with their importance and degree of access.
2.4. In accordance with established procedures in the field of risk management, a regular assessment of information security risks is carried out. When it is conducted, the probability of information security threats and the degree of their impact on the business processes, financial condition and business reputation of FscoreLab are taken into account.
2.5. Based on the results of the information security risk assessment, management tools are selected and applied to protect information, including organizational, physical, technical, software and firmware for ISMS provision.
2.6. To ensure the physical protection of information under the control of FscoreLab within the scope of the ISMS (the office located at St. Petersburg, Katernikov 7A, security zones are established and measures are taken to prevent unauthorized access to workstations and storage media of FSCoreLab customers. seeks to identify, take into account and respond to incidents in the field of information security in accordance with established procedures.
2.8. Since, the specificity of FscoreLab’s work is related to the confidential information of customers, the company carries out procedures of depersonalization and / or special data modification in order to minimize risks.
2.9. FscoreLab employees gain access to the information that is required to fulfill their functional duties. Access to unreformed / uninformed information in FscoreLab is available only to beneficial owners. FscoreLab informs, educates and improves the skills of employees in the field of information security and data encryption in accredited training centers that have agreed programs with the FSB, FSTEC, UMO IB of the Russian Federation. FscoreLab has in staff on a permanent basis not less than 2 employees who have undergone professional retraining “Information Security”.
3.1. The management of FscoreLab carries out general management of information security and provides the necessary conditions for: implementation of measures to assess information security risks and protect information; maintenance, monitoring, analysis and continuous improvement of the information security management system; regular training of employees in the field of information security.
3.2. Employees FscoreLab are personally responsible for compliance with the requirements of the ISMS documents and are required to report all identified violations in the field of information security management in the face of the technical director FscoreLab.
3.3. In labor contracts and job descriptions of employees, responsibility for the safety of official documentation and the confidentiality of information that has become known by virtue of the performance of their duties is established.
3.4. FscoreLab does not use the information received from Customers for commercial purposes, not fixed in contracts and provides data confidentiality.
4.1. Nikolaev Nikolaev declares his approval of this Policy, which is announced, distributed, implemented and maintained at all levels of FscoreLab. 4.2. Information Security Policy FscoreLab is a public document that can be provided to all interested parties and posted on the official Fscorelab website.