1. Main
  2. Cloud powered by VMware
  3. Federal Law 152 cloud

Federal Law 152-FZ Cloud for VMware

Cloud infrastructure that complies with the requirements of Federal Law 152‑FZ “On Personal Data”. Our Cloud powered by VMware ensures Level 1 protection (the maximum possible level) for personal data (PD) processing.

Infrastructure for PD of any protection level

Public Cloud

Solution for Level 3 and 4 personal data protection. Suitable for most personal data processing systems (PDPSs).

Calculate Price

Physically isolated cloud with extra protection tools. Processing of personal data up to Level 1 protection (the maximum). Suitable for hosting medical records and other categories of sensitive data.

Submit Request

We’ll handle the paperwork

If you decide to work with Selectel, we’ll share with you the following set of documents. This will simplify the process of registering your company as a Personal Data Operator in the Register of the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor).

Act of assessment of the effectiveness of measures taken to ensure the security of personal data

Download the Act

Personal Data Processing Assignment Contract

Request the Contract

We’ll help you determine the protection level

Uncertain of how to assess the protection level of your personal data? See the table or ask our specialists.

Reliable solution for personal data processing

FSTEC and FSS Licenses

Selectel possesses all the licenses required to ensure the technological protection of confidential information, including the use of cryptographic data protection tools.

Flexible scaling

Optimize the existing cloud infrastructure at any time by adding extra computing, storage or network assets. It is also possible to create hybrid systems and host part of the infrastructure on dedicated servers in the Certified Data Center.

VMware functionality

A fully functional cloud system based on VMware technology: vCloud Director® and access to enhanced NSX® features. Selectel is a VMware Cloud Verified partner. This status guarantees the highest quality of our infrastructure.

Why Selectel

SLA

We assume financial liability for cloud service availability.

Cloud infrastructure security

We implement organizational and technical security measures as per Order No. 21 of the FSTEC of Russia.

Clearly defined areas of responsibility

We ensure clear definition of areas of responsibility to comply with the requirements of PD processing security.

Public cloud resource calculator

Connection error. Please retry or try again later.

Ensure the security of your personal data

Fill out the form and we’ll get back to you within the same business day.

You can always get a free consultation by calling us on 8 (800) 555 06 75 or sending an e-mail to sales@selectel.ru.

Agree with the processing of personal data

FAQ

Would it be sufficient to host our system in the Russian Federation in order to meet the technical requirements of Federal Law No. 152-FZ?

No. Hosting your system in the Russian Federation would only allow you to meet the requirements of Federal Law No. 152-FZ for the localization of personal data. Your information systems need to be protected by the technical measures stipulated by FSTEC Order No. 21 in your area of responsibility.

What should we do to meet the requirements of Federal Law No. 152-FZ?

You must implement the measures set out in articles 18.1 and 19 of Federal Law No. 152-FZ within your organization and each of its personal data processing systems.

How can we determine the level of personal data protection?

There are 4 protection levels (PL). To determine your level, you need to know whose data, which categories of data, and the volume of data you are processing, as well as the type of relevant threats.

Relevant threats are conditions and factors that create the risk of unauthorized access to personal data (PD). There are 3 types of threats:

  • Type 1 threats are related to undocumented (undeclared) features in the system software.
  • Type 2 threats are related to undocumented (undeclared) features in the application software.
  • Type 3 threats are not related to undocumented (undeclared) features in the system software and application software.
Personal Data CategoriesCategories of Personal Data SubjectsNumber of Personal Data SubjectsType of Relevant Threats
Type 1Type 2Type 3

Special

Personal data related to race, ethnic origin, political views, religious or philosophical beliefs, health, and private life.

Not employees of the operatorMore than 100 000PL-1PL-2PL-3
Less than 100 000PL-1PL-2PL-3
Employees of the operatorAnyPL-1PL-2PL-3

Biometric

Personal data that describe physiological and biological characteristics of individuals that make it possible to identify such individuals, and that are used by the operator to identify personal data subjects.

Not employees of the operatorMore than 100 000PL-1PL-2PL-3
Less than 100 000PL-1PL-2PL-3
Employees of the operatorAnyPL-1PL-2PL-3

Other

Personal data that are directly or indirectly related to a specific or identifiable individual and not related to the above categories.

Not employees of the operatorMore than 100 000PL-1PL-2PL-3
Less than 100 000PL-1PL-3PL-4
Employees of the operatorAnyPL-1PL-3PL-4

Publicly available

Personal data obtained from public sources where this data was published with the written consent of the personal data subject.

Not employees of the operatorMore than 100 000PL-2PL-2PL-4
Less than 100 000PL-2PL-3PL-4
Employees of the operatorAnyPL-2PL-3PL-4

Reference table to determine the protection level

What data refers to special personal data categories?

Data related to race, ethnic origin, political views, religious or philosophical beliefs, health, and private life.

In most cases, you need the written consent of the personal data subject in order to process special categories of personal data.

How can we confirm compliance with Federal Law No. 152-FZ? What document do we need: an Act of assessment of the effectiveness of measures taken to ensure the security of personal data or certificate?

In most cases, commercial companies can confirm their compliance with the requirements of Federal Law No. 152-FZ by presenting an effectiveness assessment report without certification testing. Companies that have the appropriate competencies can do this themselves.

Certification is mandatory for state and municipal systems. Commercial entities may require certification, for example, if they are connecting to state systems or need to comply with contract requirements (in these cases, certification is carried out on a voluntary basis). The certification is carried out by an FSTEC licensee and imposes a number of additional restrictions on the information system.

How can we assign the processing of personal data to Selectel?

To legally process personal data by a third-party company, you need to sign a Personal Data Processing Assignment Contract in accordance with article 6 of Federal Law No. 152-FZ. To do this, create a ticket in the control panel and provide the following information:

  • personal data categories;
  • categories of personal data subjects;
  • level of personal data protection.

Based on this information, we will prepare the assignment for personal data processing, which can be signed through the electronic document flow system.

What should I enter in the Data Center Address field of the notice to Roskomnadzor?

When you submit a notice to Roskomnadzor for an information system that processes personal data in Cloud powered by VMware, provide the following details:

Country: Russia

Data Center Address (this depends on the location providing you with cloud-based resources):

  • MSK-1: 36 Berzarina St., b. 3, Moscow
  • SPB-1: 1 Sovetskaya St., Dubrovka urban-type settlement, Leningrad region
  • SPB-DR1: 1 Sovetskaya St., Dubrovka urban-type settlement, Leningrad region; and 28 Kolya Tomchak St., letter K, Saint Petersburg
  • MSK-DR1: 36 Berzarina St., b. 3, Moscow; and 69 Aviamotornaya St., Moscow

In-House Data Centers: n/a

Type of Organization: Legal entity

Legal Form: Limited Liability Company

Name of Organization: Selectel

OGRN (Primary State Registration Number): 1089847357126

INN (Taxpayer Identification Number): 7842393933

Country of Location: Russia

Address of Location: 21 Tsvetochnaya St., letter A, Saint Petersburg

What is personal data?

According to the Law “On Personal Data”, this is any information relating directly or indirectly to a specific or identifiable individual (personal data subject). In other words, data on a person that makes it possible to identify them, or data on an already identified person (such as full name and passport details).