Skip to main content

Compliance with Security Standards

Last update:

International standards and Russian legislation

Selectel infrastructure complies with international standards and Russian legislation on information security and personal data protection. More information about the conclusions and certificates confirming compliance with security requirements can be found on the Security page on selectel.ru.

Existing Selectel clients can obtain additional documents certifying compliance with the appropriate standards:

  • FSTEC orders: threat assessment results;
  • PCI DSS: AOC, responsibility matrix;
  • GOST 57580: responsibility matrix;
  • SOC 2: report.

To request additional documents, create a ticket.

We confirm that Selectel products comply with security standards and legislative requirements with certificates, accreditations, audit reports, and conclusions — learn more in the Product Information Security Compliance Matrix section.

Product Information Security Compliance Matrix

You can download certificates, attestations, audit reports, and conclusions on the Security at Selectel page on selectel.ru.

Colocation (placing server equipment)Dedicated ServersSelectel Cloud PlatformS3 (S3)Managed DatabasesManaged Kubernetes (MKS)Container Registry as a Service (CRaaS)Dedicated servers in the A-Data CenterAttested segment of the Selectel Cloud Platform and S3Cloud powered by VMware, including DaaS
FSTEC Order No. 21 (152‑FZ)Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Efficiency assessment report, UZ-1Attestation, UZ-1Efficiency assessment report, UZ-1
FSTEC Order No. 17 (GIS)Attestation, K1
AS GuidelineAttestation, 1GAttestation, 1G
GOST 57580Conclusion (R=0.91)Conclusion (R=0.91)Conclusion (R=0.91)Conclusion (R=0.91)Conclusion (R=0.91)Conclusion (R=0.91)Conclusion (R=0.91)Conclusion (R=0.92)Conclusion (R=0.92)
ISO 27001, 27017, 27018, GOST R ISO/IEC 27001CertificateCertificateCertificateCertificateCertificateCertificateCertificateCertificateCertificate
PCI DSSPCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider CertificatePCI DSS 4.0.1 Service Provider Certificate
GDPRPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the clientPossibility to conclude DPA and SCC with the client
SOC 2® Type IReport

Personal data

In accordance with the requirements of 152-FZ and GDPR, you may entrust Selectel with the processing of personal data. The list of actions with personal data performed by Selectel as a processor on your behalf: storage, destruction. To conclude a 152-FZ delegation agreement or a GDPR DPA and SCC, create a ticket.

Types of information security tools according to security levels and GIS classes

The table summarizes the basic composition of required information security tools (IS tools) that Selectel can provide as services.

The composition of information security tools for a personal data information system (PDIS) can be modified based on technical specifics of the system, threat models, and the information security intruder model.

The need for cryptographic protection for PDIS is determined by the threat model and depends on the ability to neutralize threats using other measures. Cryptographic protection for GIS is always used, regardless of the system's security level and class, if the system meets one or more of the following conditions:

  • communication channels that extend beyond the controlled zone exist;
  • information can only be protected using cryptographic information security tools;
  • legal validity of electronic documents and their protection against alteration is required.

The decision regarding the adequacy of applied information security tools is made by the information system owner or the FSTEC licensee conducting the attestation.

Personal Data Information System (PDIS) security level (FSTEC-21)GIS class (FSTEC-17)Information security tools available from Selectel
SL 4SL 3SL 2SL 1C 3C 2C 1

Protection against unauthorized access

The choice of security tool depends on the OS on the server.
For Windows Secret Net Studio, for Linux Secret Net LSP
Trusted bootDallas Lock SIS *.
Sobol Hardware-Software Module **
FirewallingUserGate.
Host-based firewall included in Secret Net Studio and Secret Net LSP
Antimalware protectionKaspersky.
Antivirus protection module included in Secret Net Studio
IDS/IPSIntrusion detection system included in UserGate.
Host-based IDS included in Secret Net Studio
Vulnerability identificationVulnerability Scanning service
Cryptographic protectionGOST-VPN service
SIEMRuSIEM, provided as a license
Anti-DDoS
WAF

The need for anti-DDoS tools depends on the types of threats		Free basic Selectel protection against L3-L4 DDoS attacks.
Partner solutions — L3-L7 protection from DDoS-Guard and Curator.
WAF tools
Backup systemCloud backup.
Dedicated server backup.
Cyber Backup Cloud

* Dallas Lock SIS holds an FSTEC of Russia certificate and can be used for system attestation according to GIS data protection requirements.

** Sobol hardware-software module holds FSB and FSTEC of Russia certificates and can be used to increase the cryptographic protection class to KC2 and KC3.