1. Main
  2. Solutions
  3. Personal Data Protection System

PDPS

Creating a Personal Data Protection System

Reliable personal data protection builds trust between the company and its audience. When choosing a product or solution, potential customers prefer a company that guarantees the security of their personal information to one that fails to do so.

The risks involve not only the loss of potential customers. Violation of the law on personal data may result in severe fines and even blocking of online resources.

To prevent this and enable you to create information systems compliant with Federal Law No. 152-FZ, Selectel will take on part of the work with personal data.

We will provide infrastructure protected in accordance with the requirements of Federal Law No.152-FZ, bring your information systems into line with the law “On Personal Data”, implement a set of organizational, legal, and technical operations, and organize the continuous administration of the system.

Аттестованный ЦОД
Аттестованный ЦОД

Processing of Personal Data by the Rules

Secure your customers' personal data by storing them in Selectel’s protected infrastructure. The requirements apply to the activities of personal data controllers and the processes of receiving and transferring personal data, as well as to the information systems in which such data are processed. Responsibility for components will be shared between the customer and provider.

Select a solution

For Information Systems

Based on Selectel Infrastructure

MedicineFinanceMarketing Systems, CRMRetailLogisticsPublic Sector

Stages of Building a Personal Data Protection System

for Each Information System (IS)

1.

Host information systems in Selectel

We will select the appropriate IT infrastructure depending on the security requirements of your information system, including dedicated servers in the Certified Data Center Segment or a VMware-based cloud compliant with the requirements of Federal Law No. 152-FZ.

The data centers hosting the IT infrastructure are located in Russia, which is a prerequisite for compliance with the requirements of the law on the localization of personal data.

The provided infrastructure, which comes under the responsibility of Selectel, has been assessed to evaluate the effectiveness of the measures applied to ensure the security of personal data in accordance with Federal Law No. 152-FZ.

2.

Conduct an audit of the personal data information system

Check compliance with legal requirements in the area of personal data (PD) processing and protection.

To Do Checklist

  • Review business processes and identify those involving personal data processing.
  • Identify the information systems that process personal data.
  • Describe the measures to be taken and the information protection tools to be used.
  • Clarify the list of personal data, the means of acquiring them, and the goals and legality of processing them.
  • Determine the required level of personal data protection and the applicable legal requirements.
  • Prepare the documents regulating the processes for personal data processing based on the characteristics of the information system (SaaS, online store, web project, corporate system, etc.)

Deliverables

  • Report on the survey describing the processes for personal data processing and the level of their compliance with the legal requirements.
  • Organizational and administrative documentation on personal data (PD) processing. Depending on your task and the measures already implemented, this can be prepared for a single information system or for the company as a whole and for all information systems.
3.

Design the personal data protection system

Following the audit of the personal data information system (PDIS), identify current security threats, prepare design documentation for the PDIS protection system, and generate the specifications for protection tools.

To Do Checklist

  • Identify current information security threats.
  • Design a security system that will be adapted to your infrastructure and its administration processes in accordance with legal requirements.
  • Select the required protection tools, including those certified by FSTEC. Check their compatibility with your IT infrastructure and applications.
  • Prepare a plan for migration to secure infrastructure.
  • Calculate the cost of implementing the security system based on the IT infrastructure.

Deliverables

  • Technical design document:
    • implementation scheme for the protection system,
    • specification (composition) of protection tools to be applied,
    • specification (composition) of services implementing measures for ensuring personal data security.
  • Calculation of implementation costs and assessment of the protection system’s effectiveness.
4.

Get the necessary protection tools or information security services

We will provide you with information protection tools in accordance with the specifications drawn up at the design stage. We will help you with configuration and maintenance as part of the continuous administration of information protection tools.

To Do Checklist

  • Buy or rent the necessary information protection tools stipulated by the specifications developed at the design stage.
  • If you do not have information security specialists, you can use Selectel services with 24/7 administration.

Deliverables

  • The connected services and the configured information protection tools implement the required security measures.
5.

Assess the effectiveness of measures taken to ensure personal data security

The effectiveness of measures taken as part of the personal data protection system to ensure information security is assessed prior to the commissioning of the information system at least once every three years.

To Do Checklist

  • Test the system and assess the effectiveness of the protection measures in place.

Deliverables

  • Assessment report on the effectiveness of the personal data protection system.
6.

Certify your information system for compliance with legal requirements (if required)

In some cases (for example, when working with government information systems), the effectiveness of measures in place must be assessed in the form of certification. Such certification may only be conducted by a properly licensed organization. Even if certification is not mandatory in a particular case, it guarantees the correct implementation of legal requirements.

To Do Checklist

  • Organize the certification of the information system by FSTEC licensees.

Deliverables

  • Certificate of conformity of your PDIS to the information security requirements.

Benefits of Designing a Personal Data Protection System in Selectel

FSTEC and FSB Licenses

We have the required licenses for designing a personal data protection system and providing data protection services, including those involving the use of cryptographic data protection tools.

Infrastructure That We Know All About

Your information systems are hosted on Selectel infrastructure. Nobody knows it better than we do, which means that we can select a solution to protect your information with consideration for the compatibility of different security tools and using services to protect against unauthorized access.

Reliable Partners

The protection system will be created using tools from world leaders and the best Russian manufacturers.

We use FSTEC licensees for certification. They will confirm the adequacy of measures taken for personal data protection.

Qualification of Specialists

For more than 10 years, our employees have been creating personal data protection systems compliant with legal requirements, helping personal data controllers pass external audits and inspections by Roskomnadzor, and implementing network security and server infrastructure protection systems.

Calculate the cost of creating an information protection system and meeting the requirements of Federal Law No. 152-FZ

DescriptionResponsibilityPriceTime frame
Provision of IT infrastructureSelectelfrom ₽2,000 per monthImmediately
PDIS auditCustomer
PDPS designCustomer
Required protection tools or information security servicesSelectelfrom ₽3,000 per month7-14 days
Assessment of effectivenessCustomer
DescriptionResponsibilityPriceTime frame
Provision of IT infrastructureSelectelfrom ₽2,000 per monthImmediately
PDIS auditBy a contractorfrom ₽180,00020-30 days
PDPS designBy a contractorfrom ₽200,00015-25 days
Required protection tools or information security servicesSelectelfrom ₽3,000 per month7-14 days
Assessment of effectivenessBy a contractorfrom ₽60,0005-15 days
DescriptionResponsibilityPriceTime frame
Provision of IT infrastructureSelectelfrom ₽12,000 per month3-5 days
PDIS auditCustomer
PDPS designCustomer
Required protection tools or information security servicesSelectelfrom ₽3,000 per month7-14 days
Assessment of effectivenessCustomer
DescriptionResponsibilityPriceTime frame
Provision of IT infrastructureSelectelfrom ₽12,000 per month3-5 days
PDIS auditBy a contractorfrom ₽180,00020-30 days
PDPS designBy a contractorfrom ₽200,00015-25 days
Required protection tools or information security servicesSelectelfrom ₽3,000 per month7-14 days
Assessment of effectiveness (certification of the PDIS, if required)By a contractorfrom ₽120,0005-15 days

Prices for all services include 20% VAT

Order a solution

Do you have other questions on protecting your PDIS?

Ask our data protection specialists. They will give you advice and help you select a solution.

Call +7 800 555 06 75 or e-mail sales@selectel.ru for a free consultation.

Agree with the processing of personal data