Compliance with safety standards
International standards and Russian legislation
Selectel's infrastructure complies with the requirements of international standards and Russian legislation on information security and personal data protection. For more information about the conclusions and certificates confirming compliance with security requirements, see the Security page on selectel.ru.
Existing Selectel customers can obtain additional documents to the appropriate standards:
- FSTEC orders: threat assessment results;
- PCI DSS: AOC, Responsibility Delineation Matrix;
- GOST 57580: matrix of delineation of responsibilities;
- SOC 2: Report.
To request additional documents, create a ticket.
The compliance of Selectel products with security standards and legal requirements is confirmed by certificates, attestations, certificates and opinions — for more details see the Matrix of Product Compliance with Information Security Requirements subsection.
Matrix of product compliance with information security requirements
You can download certificates, attestations, certificates and opinions on the Selectel Safety page on selectel.ru.
Personal data
In accordance with the requirements of 152-FZ and GDPR, you can entrust Selectel with the processing of personal data. The list of actions with personal data that Selectel performs as a processor under the assignment: storage, destruction.To conclude an assignment under the 152-FZ or DPA, SCC under GDPR, create a ticket.
Types of protection systems according to security levels and GIS classes
The table shows the basic composition of the required information security features (ISPs) that Selectel can provide as a service.
The composition of a protection system for personal data information system (PDIS) can be changed depending on the technical features of the system, threat models and information security violator.
The need for cryptographic protection for ISPDN is determined by the threat model and depends on the ability to neutralize threats by other means.Cryptographic protection for GIS is always used regardless of the security level and class of the system, if the system fits one or more conditions:
- there are communication channels that extend beyond the controlled area;
- information can only be protected with the use of encryption;
- legal significance of electronic documents and their protection against counterfeiting.
The decision on the sufficiency of the applied protection systems is made by the owner of the information system or the FSTEC licensee who conducts the certification.
*
The Dallas Lock SPD is certified by the Federal Service for Technical and Export Control of Russia and can be used to certify systems for GIS data protection requirements.
**
Sobol PAC has certificates of FSB and FSTEK of Russia and can be used to upgrade the cryptographic protection class to KS2 and KS3 classes.