Implementation of physical security measures on the Selectel side

The list of physical security measures to be taken when placing the infrastructure in A data centers is defined by Order No. 17 of the FSTEC of Russia dated February 11, 2013 and Order No. 21 of the FSTEC of Russia dated February 18, 2013.

Areas of responsibility

Selectel

Selectel implements the physical security measures that fall within its area of responsibility, in accordance with Annex 2 to the Terms of Use.

Content of information security measures

Implemented in Selectel

UPD.4 (with amplification)

Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system

Separated the roles of information security administrators and support staff and described them in the company's internal documentation

UPD.5.

Assignment of minimum necessary rights and privileges to users, administrators and persons ensuring the functioning of the information system

Assigned minimum required rights and privileges according to job responsibilities and described job duties and roles in internal company documentation

RSB.1 (with amplification)

Determination of security events to be recorded and their retention periods

The company's internal documentation defines recordable physical security events and their retention periods

RSB.2 (with amplification)

Determination of the composition and content of information on security events to be recorded

The company's internal documentation defines the composition and content of information on physical security events to be recorded

RSB.3 (with amplification)

Collecting, recording and storing security event information for a specified retention time

Collect, record, and store physical security event information for a set amount of time.
Provide centralized, automated management of information collection, recording and storage

RSB.5 (with amplification)

Monitoring (viewing, analyzing) the results of security event registration and responding to them

Review and analyze the results of physical security event logging and respond to them.
Described monitoring rules and procedures in the company's internal documentation

RSB.7 (with amplification)

Protecting security event information

Protecting physical security event information:
- only responsible employees have access to audit records and management functions;
- audit records are backed up

CCT.1

Use of fault-tolerant technical means

We use fault-tolerant hardware in our data center infrastructure:
- determined the limit values of availability and reliability characteristics;
- recorded values of availability and reliability characteristics under conditions of use;
- monitor the current values of availability and reliability characteristics;
- replace equipment that reaches the limit value

CCT.2.

Redundancy of technical means, software, information transmission channels, means of ensuring the functioning of the information system

We use redundant technical means, information transmission channels and means of ensuring operation. The entire data center infrastructure is redundant.
Described redundancy policies and procedures in the company's internal documentation

CCT.3 (with amplification)

Control of failure-free operation of technical means, detection and localization of failures, taking measures to restore failed means and their testing

Controlling the uptime of data center infrastructure:
- detect and localize failures;
- take measures to recover failed assets and test them

CCT.7

Control over the state and quality of provision of computing resources (capacities), including information transmission, by the authorized person

Monitor the condition and quality of the resources hosted on the engineering infrastructure

ZTS.2.

Organization of a controlled area within which stationary technical means processing information and information protection means are permanently located, as well as means to ensure the functioning of the following

Organized a controlled area with permanent placement of engineering infrastructure components

ZTS.3.

Control and management of physical access to technical means, information protection means, means of ensuring the functioning of the information system, as well as to the premises and facilities in which they are installed, excluding unauthorized physical access to information processing means, information protection means and means of ensuring the functioning of the information system, to the premises and facilities in which they are installed

We control physical access to infrastructure components and technical means hosted on its base:
- identified a list of persons with clearance;
- maintain physical access records;
- described the physical access management rules and procedures in the company's internal documentation

ZTS.5

Protection against external influences (environmental influences, instability of power supply, conditioning and other external factors)

Located in data centers that meet Tier III requirements. They provide:
- prompt restoration of power supply and air conditioning system;
- compliance with fire safety measures;
- compliance with equipment operating conditions and environmental conditions

INZ.1.

Identify those responsible for identifying and responding to incidents

Identified a list of those responsible for identifying and responding to physical security incidents

INZ.2.

Detection, identification and recording of incidents

Find, identify and record physical security incidents

INZ.3.

Timely informing the persons responsible for identifying and responding to incidents about the occurrence of incidents in the information system by users and administrators

Staff who are involved in the provision and operation of the service report physical security incidents to those responsible in a timely manner

INZ.4.

Incident analysis, including identification of sources and causes of incidents, and assessment of their consequences

In the event of a physical security incident, analyze the sources and causes of the incident, and assess the consequences

INZ.5.

Taking measures to eliminate the consequences of incidents

In the event of a physical security incident, we take remedial action

INZ.6.

Planning and taking measures to prevent the recurrence of incidents

In the event of a physical security incident, plan and take action to prevent recurrence

UCF.1.

Identification of persons authorized to make changes to the configuration of the information system and information protection system

Identified a list of employees who can make changes to the engineering infrastructure

UCF.2.

Management of changes in the configuration of the information system and information protection system

Described the process for managing configuration changes in the company's internal documentation

UCF.3.

Analysis of the potential impact of planned changes in the configuration of the information system and information protection system on information security and coordination of changes in the configuration of the information system with the official responsible for ensuring information security

Analyze the potential impact of the planned changes on information security and coordinate the changes with the security officer

UCF.4.

Documentation of information (data) on changes in the configuration of the information system and information protection system

Document information on changes in the engineering infrastructure in accordance with the company's internal documents

User

Using Selectel's Attested Data Center Segment service allows you to implement some of the security measures in the client's area of responsibility.

Content of information security measures

Implementation in the customer's area of responsibility

UPD.3.

Management (filtering, routing, connection control, unidirectional transmission and other control methods) of information flows between devices, segments of the information system, as well as between information systems

We provide the service on the condition that servers are connected through a dedicated firewall. The use of a firewall allows the user to fulfill the requirement to manage information flows

VMS.17.

Partitioning the information system into segments (information system segmentation) and ensuring protection of perimeters of information system segments

We provide the service on the condition that servers are connected through a dedicated firewall. The use of a firewall allows the user to fulfill the requirement to partition the information system into segments and protect the segment perimeter

ZNI.1.

Accounting for machine-readable data carriers

Keep records of disks used in dedicated servers leased by the client

ZNI.2.

Managing access to machine storage media

We manage access to premises where technical facilities, including machine data carriers, are located:
- identified a list of employees who have physical access;
- described access rules and procedures in the company's internal documentation

ZNI.8.

Destruction (erasure) of information on machine media during their transfer between users, to third-party organizations for repair or disposal, as well as destruction (erasure) control

Destroy information on machine-readable media:
- when the client cancels the service, using a method that makes the information impossible to recover;
- when media are decommissioned, using HDD and SSD recycling tools that make it impossible to recover the disk and the information stored on it.
Described the destruction procedure and destruction control in the company's internal documentation