Solution

Confidential and private information security

Astra System Technologies pays a lot of attention to information security. Astra ST includes a special department which supervises matters of protected information processing, information security audit and attestation of informatization objects on compliance with the law requirements.

The segment of information security is presented in every project of the company. Development of new solutions starts with the examination of information security matters. The effective way to solve the problem of information security in the project is to develop systems originally oriented on protection of processed data. This approach is used in the solutions: Information systems and Information bureaus.

Information security is a complex and complicated matter. We distinguish our information solutions into two parts:

  • Information security audit, organization of data protection in the information system
  • Information system attestation in compliance with the requirements of the laws:
    1. Federal law On Personal Information № 152-FZ, 27 July 2006

      Federal law On Information, Information Technologies and Information protection № 149-FZ, 27 July 2006

    Information security audit and organization of data protection in the information system includes:
    • analysis of information streams of the enterprise,
    • analysis of information processing, storage and transfer means,
    • analysis of organizational connections, personnel communication,
    • detection of breaches and security threats,
    • applying technical security solutions,
    • applying organizational security means.


    Technical solutions include systems providing:
    • antivirus protection,
    • protection of data transfer network,
    • protection from unauthorized access,
    • protection from interference into software performance or alterations,
    • protection from information transfer beyond the information perimeter,
    • protection from leaks via the technological channels (EM radiation).

    Organizational means of protection:

    • physical restriction of access to certain facilities,
    • contractual agreements with the staff in order to prevent information disclosure,
    • removal of unused confidential information from processing.

    Information system attestation in compliance with the requirements of the laws includes:

    According to the Russian legislation, a set of activities, related to the information processing, requires licensing. Processed information is considered confidential and the attestation of the company information system is needed.
    The law On Personal Information separates an additional category in confidential information – personal information and includes in it a list of information systems.
    For example the reception in the hospital is the first category personal information processing system and requires attestation.

    Our solutions are based on the qualified consulting and efficient organization of security systems. We help to solve the problems related with the personal information protection legislation requirements.