Implementation of physical security measures on the Selectel side

Last update: May 27 2025

Implementation of physical security measures on the Selectel side

The list of physical security measures to be taken when placing the infrastructure in A data centers is defined by Order No. 17 of the FSTEC of Russia dated February 11, 2013 and Order No. 21 of the FSTEC of Russia dated February 18, 2013.

Areas of responsibility⁠

Selectel⁠

Selectel implements the portion of the physical security measures that are within its area of responsibility in accordance with Schedule 2 of the Terms of Use.

	Content of information security measures	Implemented in Selectel
UPD.4 (with amplification)	Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system	Separated the roles of information security administrators and support staff and described them in the company's internal documentation
UPD.5.	Assignment of minimum necessary rights and privileges to users, administrators and persons ensuring the functioning of the information system	Assigned minimum required rights and privileges according to job responsibilities and described job duties and roles in internal company documentation
RSB.1 (with amplification)	Determination of security events to be recorded and their retention periods	The company's internal documentation defines recordable physical security events and their retention periods
RSB.2 (with amplification)	Determination of the composition and content of information on security events to be recorded	The company's internal documentation defines the composition and content of information on physical security events to be recorded
RSB.3 (with amplification)	Collecting, recording and storing security event information for a specified retention time	Collect, record, and store physical security event information for a set amount of time. Provide centralized, automated management of information collection, recording and storage
RSB.5 (with reinforcement)	Monitoring (viewing, analyzing) the results of security event registration and responding to them	Review and analyze the results of physical security event logging and response. Described monitoring rules and procedures in the company's internal documentation
RSB.7 (with amplification)	Protecting security event information	Protecting physical security event information: - only responsible employees have access to audit records and management functions; - audit records are backed up
CCT.1	Use of fault-tolerant technical means	We use fault-tolerant hardware in our data center infrastructure: - determined the limit values of availability and reliability characteristics; - recorded the values of availability and reliability characteristics under conditions of use; - monitor the current values of availability and reliability characteristics; - replace funds that reach the limit value
CCT.2.	Redundancy of technical means, software, information transmission channels, means of ensuring the functioning of the information system	We apply redundant technical means, information transmission channels and means of ensuring the functioning.The entire infrastructure of the data center is reserved. Described reservation policies and procedures in the company's internal documentation
CCT.3 (with amplification)	Control of failure-free operation of technical means, detection and localization of failures, taking measures to restore failed means and their testing	Control the uptime of the data center infrastructure: - detect and localize malfunctions; - take measures to recover failed assets and test them
CCT.7	Control over the state and quality of provision of computing resources (capacities), including information transmission, by the authorized person	Provide condition monitoring and quality assurance of resources that are placed on engineering infrastructure resources
ZTS.2.	Organization of a controlled area within which stationary technical means processing information and information protection means are permanently located, as well as means to ensure the functioning of the following	Organized a controlled area with permanent placement of engineering infrastructure components
ZTS.3.	Control and management of physical access to technical means, information protection means, means of ensuring the functioning of the information system, as well as to the premises and facilities in which they are installed, excluding unauthorized physical access to information processing means, information protection means and means of ensuring the functioning of the information system, to the premises and facilities in which they are installed	Control physical access to infrastructure components and technical facilities hosted on the infrastructure: - have identified a list of people with clearance; - keep a record of physical access; - described the rules and procedures for physical access management in the company's internal documentation
ZTS.5	Protection against external influences (environmental influences, unstable power supply, air conditioning and other external factors)	Located in data centers that are Tier III compliant. They provide: - prompt restoration of power supply and air conditioning system; - compliance with fire safety measures; - Compliance with equipment operating conditions and environmental conditions
INZ.1.	Identify those responsible for identifying and responding to incidents	Identified a list of those responsible for identifying and responding to physical security incidents
INZ.2.	Detection, identification and recording of incidents	Find, identify and record physical security incidents
INZ.3.	Timely informing the persons responsible for identifying and responding to incidents about the occurrence of incidents in the information system by users and administrators	Staff who are involved in the provision and operation of the service report physical security incidents to those responsible in a timely manner
INZ.4.	Incident analysis, including identification of sources and causes of incidents, and assessment of their consequences	In the case of a physical security incident, analyze the sources and causes of the incident, and assess the consequences
INZ.5.	Taking measures to eliminate the consequences of incidents	In the event of a physical security incident, we take remedial action
INZ.6.	Planning and taking measures to prevent the recurrence of incidents	In the event of a physical security incident, plan and take action to prevent recurrence
UKF.1.	Identification of persons authorized to make changes to the configuration of the information system and information protection system	Identified a list of employees who can make changes to the engineering infrastructure
UCF.2.	Management of changes in the configuration of the information system and information protection system	Described the process for managing configuration changes in the company's internal documentation
UCF.3.	Analysis of the potential impact of planned changes in the configuration of the information system and information protection system on information security and coordination of changes in the configuration of the information system with the official responsible for ensuring information security	Analyze the potential impact of the planned changes on information security and coordinate the changes with the security officer
UCF.4.	Documentation of information (data) on changes in the configuration of the information system and information protection system	Document information on changes in the engineering infrastructure in accordance with the company's internal documents

User⁠

The use of Selectel's Attested Data Center Segment service will make it possible to implement part of the security measures in the customer's area of responsibility.

	Content of information security measures	Implementation in the customer's area of responsibility
UPD.3.	Management (filtering, routing, connection control, unidirectional transmission and other control methods) of information flows between devices, segments of the information system, as well as between information systems	We provide the service with the condition of connecting the server through a dedicated firewall.The use of a firewall allows the user to fulfill the requirement to manage information flows
VMS.17.	Partitioning the information system into segments (information system segmentation) and ensuring protection of perimeters of information system segments	We provide the service with the condition of connecting the server through a dedicated firewall.The use of a firewall allows the user to fulfill the requirement to divide the information system into segments and ensure the protection of the perimeter of the segment
ZNI.1.	Accounting for machine-readable data carriers	Keep records of disks used in dedicated servers leased by the client
ZNI.2.	Managing access to machine storage media	Manage access to premises housing technical facilities, including machine data carriers: - identified a list of employees who have physical access; - described access rules and procedures in the company's internal documentation
ZNI.8.	Destruction (erasure) of information on machine media during their transfer between users, to third-party organizations for repair or disposal, as well as destruction (erasure) control	Destroy information on machine-readable media: - if the service is canceled, using a method that ensures that the information cannot be restored; - in case of media decommissioning using HDD and SSD disks recycling means that ensure impossibility of disk and information stored on it recovery. Described the destruction procedure and destruction control in the company's internal documentation