> >

Regulations on the information system sample. Regulation on the use of information resources

Department Order information technologies Khanty-Mansiysk Autonomous Okrug - Yugra
No. 148 dated 08/15/2014
Attachments: 
Download document (.doc format) (0.41 MB)
Download document (.pdf format) (1.19 MB)

Guided by Article 4 of the Law of the Khanty-Mansiysk Autonomous Okrug - Yugra dated July 1, 2013 No. 61-oz "On State Information Systems of the Khanty-Mansiysk Autonomous Okrug - Yugra", Regulations on the Department of Information Technologies of the Khanty-Mansiysk Autonomous Okrug - Yugra, approved by the Governor Khanty-Mansiysk Autonomous Okrug - Yugra dated July 22, 2010 No. 138, in order to regulate relations arising in the formation and use of information resources of state information systems, order:
1. Approve recommendations on the development of a model regulation on state information system created by the body state power Khanty-Mansiysk Autonomous Okrug - Ugra (attached).
2. Development management information society place this order on the official website of the Department of Information Technologies of the Khanty-Mansiysk Autonomous Okrug - Yugra in the information and communication network Internet.

Director of the Department A.A. Borodin

Application
to the order of the Department
information technologies
Khanty-Mansi Autonomous
districts - Ugra
dated August 15, 2014 No. 148

1. These Recommendations have been developed in order to regulate the relations that arise in the formation and use of information resources of information systems.
2. Regulations on the state information system (hereinafter also referred to as IS) is the main document that defines the rules for the implementation of the activities of the state authority of the Khanty-Mansiysk Autonomous Okrug - Yugra (hereinafter referred to as the Autonomous Okrug) to create, ensure the functioning and development of IS (hereinafter referred to as the Regulations) .
3. IP users are IP Participants, Authorized IP Body, IP Operator, IP Methodologist.
4. Regulations on IP should contain the following sections: general provisions; authorized IP body; IS operator; IS methodologist; IS participants; IS structure; access to IP; the procedure for using IP; information exchange procedure limited access; information interaction of IS with other IS; control over the use of IP.
5. Depending on the type and conditions of functioning of the IS, it is allowed to introduce additional, exclude or combine sections of the Regulations.
6. In the "General Provisions" section, it is necessary to indicate the terms used in the Regulations, the purpose of creating IS, the purpose and scope of IS, the functions of IS, the categories of IS users, the procedure for creating, ensuring the functioning and development of IS, the procedure for interaction between the IS operator, IS users, authorized IP body and IP methodologist.
7. In the section “Authorized IP body” it is necessary to indicate: the name of the state authority authorized to create, methodological and regulatory support for the functioning and development of IS, approval of the regulations for providing information in IS by all categories of users, harmonization of regulations and formats for providing information; functions, rights and obligations of the Authorized IP Body.
8. In the "IS Operator" section, you must specify: the name of the organization that performs the functions of technological support of information interaction; rights, obligations and functions of the TIS Operator of Ugra.
It is necessary to take into account the performance of the following functions: providing access to IP resources; ensuring protection against unauthorized access to information contained in the IS; providing data backup; ensuring stable and reliable operation of software hardware complex IS, including due to equipment redundancy; consultation of IP users on issues of working with IP.
9. In the section "IS Methodologist" it is necessary to indicate the name of the public authority responsible for determining and maintaining the content structure of the information resources of the IP.
It is necessary to take into account the performance of the following functions by the IS Methodologist: maintenance of regulatory and reference information (rules for the formation of information in IS resources by spatial, temporal, sectoral and other meaningful features, including the rules and levels of decomposition of information stored in IS resources); determination of methods for verifying and ensuring the reliability of information, the procedure for the formation, transmission and presentation of cross-industry information, the responsibility for providing which is assigned to several IS Participants.
10. In the "IP Participants" section, you must specify: the procedure for joining the IS Participants; composition, rights and obligations of categories of users; responsibility of IS Participants for the use of IS information resources.
IS participants can be territorial bodies of federal executive bodies, executive bodies of state power of the Autonomous Okrug, local self-government bodies of the Autonomous Okrug, as well as commercial and non-profit organizations, separate divisions of organizations that use the information resources of IS.
11. In the section "IP Structure" it is necessary to indicate the classification category of IP (according to the methodological recommendations for executive bodies of state power of subjects Russian Federation on accounting for information systems and components of the information and telecommunications infrastructure created and acquired at the expense of the budgets of the constituent entities of the Russian Federation, as well as on the composition of information posted in the information systems accounting system, approved by order of the Ministry of Telecom and Mass Communications dated August 22, 2013 No. 220) , description of the levels of application of IS, description of the composition of information resources of IS.
12. In the “Access to IP” section, it is necessary to indicate the grounds for granting access to IP, the purpose of granting access, the period for granting access, the procedure for granting access to information resources to IP participants, cases of restriction or termination of access to IP.
13. In the section “Procedure for the use of IP”, it is necessary to indicate the methods of exchange (transfer / receipt / use) of information, accounting for the exchange of information, prohibitions on the use of information resources of the IP.
14. In the section "Procedure for exchanging restricted access information", you must specify information about the level of security in accordance with the requirements of the Federal Security Service of the Russian Federation and the Federal Service for Technical and Export Control, information about the level of security of personal data in accordance with the Decree of the Government of the Russian Federation dated 1 November 2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in the personal data IS".
15. In the section "Information interaction of IS with other information systems", it must be taken into account that the information and technological interaction of IS with other information systems should be carried out by integrating them through a software and technological infrastructure that ensures the exchange of information between systems on the basis of agreements concluded by the IS operator with operators of other information systems.
An agreement on the information interaction of information systems should determine the information to be exchanged, the technical conditions for integration, the rules for the interaction of information system operators.
16. In the section “Control over the use of IP”, it is necessary to indicate the name of the state authority that exercises control over the use of IP, the procedure for exercising control.

August 4, 2005 N 274-P

POSITION
ON THE ELECTRONIC INFORMATION SYSTEM OF THE BANK OF RUSSIA

This Regulation has been developed in accordance with the Federal Law "On the Central Bank of the Russian Federation (Bank of Russia)" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2002, No. 28, Art. 2790; 2003, No. 2, Art. 157, No. 52, Art. 5032) , the Federal Law "On Information, Informatization and Protection of Information" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 1995, N 8, Art. 60; 2003, N 2, Art. 167) and establishes the conditions and general rules for using the Electronic Information System of the Bank of Russia.

Due to the loss of force of the Federal Law of February 20, 1995 N 24-FZ, one should be guided by the adopted instead federal law No. 149-FZ dated July 27, 2006

The subject of these Regulations are the principles of creating the Electronic Information System of the Bank of Russia and interaction between users of the Electronic Information System of the Bank of Russia.

1. General Provisions

1.1. The Electronic Information System (EIS) of the Bank of Russia was created at the expense of the Bank of Russia to ensure the exchange of electronic messages between the Bank of Russia and users of the EIS of the Bank of Russia in order to carry out banking operations and other types of activities stipulated by law.

1.2. The functioning of the EIS of the Bank of Russia is provided by the computing and technical centers of the Bank of Russia, equipped with hardware and software, for the purpose of collecting, processing, storing and transmitting administrative, economic, accounting, reporting, operational information, information on settlement transactions (including payment information) and other information in accordance with the rules and conditions established in the regulations and organizational and administrative documents of the Bank of Russia, information exchange agreements (hereinafter referred to as the agreement). The electronic information system of the Bank of Russia interacts with the telecommunications system of the Bank of Russia.

1.3. Participants in the electronic information exchange using the EIS of the Bank of Russia are divided into internal and external users of the EIS of the Bank of Russia.

1.4. The internal users of the EIS of the Bank of Russia include: the central office of the Bank of Russia, territorial offices of the Bank of Russia, OPERU-1, the Central Depository of the Bank of Russia, field offices, computer centers, other divisions of the Bank of Russia in accordance with the structure of the Bank of Russia, determined by the organizational and administrative documents of the Bank of Russia.

Internal users of the EIS of the Bank of Russia, when interacting with each other using the resources of the EIS of the Bank of Russia, act on the basis of the regulations of the Bank of Russia, organizational and administrative documents of the Bank of Russia, which determine the procedure for accessing the EIS resources and the rules for their use.

1.5. EIS of the Bank of Russia can be used by external users, which include credit institutions (branches of credit institutions), government and local authorities, their organizations, and other clients of the Bank of Russia.

External users of the EIS of the Bank of Russia, in order to interact with the Bank of Russia using EIS resources, conclude an agreement with the Bank of Russia.

Procedure for access of external users of the EIS of the Bank of Russia to the computing and information resources of the EIS of the Bank of Russia, rules for their use and provision information security determined by the Bank of Russia.

1.6. For the purposes of this Regulation, the following terms and definitions are used:

Authentication of an electronic message is a procedure for monitoring the integrity and confirming the authenticity of an electronic message (ES).

Computing resources of the EIS of the Bank of Russia - hardware and software of the Bank of Russia that provide information processing.

The key (identifier) ​​of the ES authentication code is a unique data used by the exchange participant when creating and verifying the authentication code.

Authentication code (KA) - data used to control the integrity and authenticate the ES.

An emergency situation is a state of the computing and information resources of the EIS of the Bank of Russia that is not provided for by the documentation for the EIS of the Bank of Russia and leads to system failures and failures, the absence of a service provided to users of the EIS of the Bank of Russia and requires intervention to restore the normal functioning of the system.

Authentication - verification of a message transmitted electronically, allowing the recipient to determine that the message comes from a specified source.

Rules of the electronic information system (EIS rules of the Bank of Russia) - a set of norms, regulations and organizational and administrative documents of the Bank of Russia that establish the conditions for access to the EIS of the Bank of Russia, registration of exchange participants and their KA keys, documents provided, the procedure for using the EIS of the Bank of Russia, formats EC, EC control procedure, permits conflict situations, actions in emergency situations, management of spacecraft keys, information security.

Authentication tools (CA) - hardware and (or) software tools that ensure the creation and verification of the CA.

Telecommunication system of the Bank of Russia - hardware and software that ensure data transmission via communication channels.

Electronic message formats (FES) - an ordered sequence of characters included in the ES according to uniform rules, presented in a formalized form, in a prescribed sequence and dimension, used for transmission over communication and processing channels.

Electronic exchange participant - internal and external users of the EIS of the Bank of Russia, as defined in clauses 1.4 and 1.5 of these Regulations.

Electronic message (ES) - a set of data corresponding to the established by the Bank of Russia electronic format, suitable for unambiguous perception of its content, equipped with an authentication code.

2. Conditions for using the EIS of the Bank of Russia

2.1. Participants in the electronic exchange of information using the EIS of the Bank of Russia use the formats of electronic messages established by the rules of the EIS of the Bank of Russia, specified in clause 1.6 of these Regulations. The list of data included in the message is established by the EIS rules of the Bank of Russia.

2.2. External users of the EIS of the Bank of Russia to participate in the electronic exchange of information using the EIS of the Bank of Russia are guided by agreements concluded with the Bank of Russia, which provide for the procedure for exchanging electronic messages, establish the rights and obligations of the Bank of Russia and users of the EIS of the Bank of Russia, the responsibility of the parties, and the procedure for resolving conflict situations , the procedure for the parties to act in emergency situations that arise in the EIS of the Bank of Russia, the procedure for ensuring information security, including the procedure for using the authentication code, as well as other provisions that comply with the legislation and rules of the EIS of the Bank of Russia.

2.3. Internal users of the EIS of the Bank of Russia, when interacting with each other using the EIS of the Bank of Russia, are guided by the regulations and organizational and administrative documents that determine the rules of the EIS of the Bank of Russia.

2.4. The conditions for inclusion in the Bank of Russia EIS users, as well as the form of the act of readiness to start electronic information exchange using the Bank of Russia EIS, are established by the Bank of Russia EIS rules specified in clause 1.6 of these Regulations.

2.5. The decision to include credit institutions (branches of credit institutions) and other clients of the Bank of Russia as users of the EIS, as well as to set the date for the start of electronic information exchange using the EIS of the Bank of Russia, is made by the Bank of Russia, subject to the user’s readiness, confirmed in the manner established by the rules of the EIS of the Bank of Russia .

3. General rules for the exchange of information

3.1. The exchange of information is carried out in the EIS of the Bank of Russia in the form of ES sent by users of the EIS of the Bank of Russia to each other.

3.2. The composition of the details contained in the ES is determined by the regulations of the Bank of Russia.

3.3. The information contained in the ES must be available for its subsequent use, including the possibility of its visual presentation and reproduction on paper.

3.4. Electronic messages, used in the EIS of the Bank of Russia, must be equipped with CA, with the help of which message recipients can confirm the integrity and authenticity of the ES (authenticate the ES). The types of message authentication codes and the rules for their use for various types of banking information are established by the EIS rules of the Bank of Russia. Specific means of implementing KA messages, checking the integrity and authenticity of the ES are determined by the Bank of Russia.

3.5. Responsibility for the information contained in the ES is borne by the sender of the ES, whose CA key (identifier) ​​is registered in accordance with the established procedure and whose CA is equipped with this ES, unless otherwise provided by the EIS rules of the Bank of Russia and the contract.

3.6. Participants in the electronic information exchange and keys (identifiers) of the KA are registered by the Bank of Russia in accordance with the EIS rules of the Bank of Russia, as defined in Clause 1.6 of these Regulations.

4. The order of acceptance and control of received ES

4.1. All received ES are authenticated using authentication tools in the manner established by the Bank of Russia.

4.2. Based on the results of the ES authentication, the electronic exchange participant who received the ES sends to the sender an electronic message confirming the positive or negative result of the received ES authentication, containing a group of details determined by the Bank of Russia.

4.3. If the authentication result is negative, the received ES is not allowed for further processing.

4.4. The ES is considered delivered only after the sender receives confirmation of its delivery in accordance with the procedure established by the Bank of Russia.

5. The order of storage and destruction of ES

5.1. All sent and received ES, as well as SA and data required to verify the authentication code, are stored for the periods established by the Bank of Russia.

5.2. When storing ES, the following requirements must be met:

All ES are stored in the format in which they were sent or received, which makes it possible to establish that the sent or received data contained in the ES is not distorted. When storing ES, it should be possible to authenticate them during the entire period of storage;

All sent and received ECs are stored with the date and time of their sending and receiving;

The order of storage of ES should provide prompt access to the information contained in them and the possibility of its reproduction on paper.

5.3. The electronic messages and keys (identifiers) of the CA required to authenticate these messages are stored and destroyed in the manner prescribed by the Bank of Russia.

Chairman
Central Bank
Russian Federation
S.M. IGNATIEV

APPROVED

director's order

CJSC "Horns and Hooves"

dated "__" _____ 20__ No. _____

Muhosransk, 2012


1. General Provisions. 3

2. Terms and definitions. 3

3. Obligations and rights of users. four

4. Registration of users and equipment. 6

5. Duties and rights of the system administrator. 6

6. General rules work at AWP ……………………………………………………………………………...

7. Responsibility. 7

8. Management and maintenance of the document. 9

9. Application list ……………………………………………………………………..10


1. GENERAL PROVISIONS

1.1. Regulation on the use of information resources (hereinafter referred to as the Regulation) streamlines the use of information resources of the network of CJSC "Roga and Kopyta" (hereinafter referred to as the Company) in order to increase the efficiency of the implementation of production plans and the implementation of other activities provided for by the production need, as well as to prevent the misuse of information resources , hardware and software Companies.

1.2. This Regulation applies to users of any computer equipment (computers, computer peripherals, communication equipment) connected to the subdivision's local network, as well as to users performing remote access to the equipment of the Company's local network from other local networks and the Internet.

1.3. The Regulation defines the rights and obligations of both users of computer equipment and system administrators.

1.4. Non-compliance with the Regulations by employees may serve as a basis for the application of a disciplinary sanction.

2. TERMS AND DEFINITIONS

2.1. Local Area Networks (LANs) are networks of closely spaced computers, most often located in the same room, building, or closely spaced buildings. Local computer networks covering a certain enterprise and uniting heterogeneous computing resources in a single environment are called corporate networks.

2.2. Server - a hardware and software complex that performs the functions of storing and processing user requests, not intended for local access users (dedicated server, router and other specialized devices) due to the high requirements for ensuring the reliability, degree of availability and security measures of the enterprise information system.

2.3. Work station - Personal Computer(terminal) designed for user access to the resources of the Enterprise Automated System, receiving, transmitting and processing information.

2.4. ARM - workplace, secured (staffed) workstation and peripherals (printer, scanner) having/not having access to resources corporate network data transmission

2.5. Automated system (AS) - a set of software and hardware designed to store, transmit and process data and information and perform calculations.

2.6. System administrator - an official whose duties include maintaining the entire hardware and software complex of the company, managing access to network resources, as well as maintaining the required level of fault tolerance and data security, their backup and recovery.

2.7. User - an employee of the Company who has access to the information system of the company to perform job duties.

2.8. Account - information about the network user: username, password, access rights to resources and privileges when working in the system. The account may contain Additional information(address Email, telephone, etc.).

2.9. Password - a secret string of characters (letters, numbers, special characters) presented by the user to a computer system in order to gain access to data and programs. The password is a means of protecting data from unauthorized access.

2.10. Changing permissions - the process of creating deletion, making changes to AS user accounts, creating, deleting, changing names mailboxes and email addresses, creating, deleting, changing security groups and mail distribution groups, as well as other changes that lead to the expansion (reduction) of the amount of information or resources available to the user AS.

2.11 Incident - an event that occurred as a result of a computer failure or a human factor, which led to the partial or complete inoperability of the workstation or the AU.

3. RESPONSIBILITIES AND RIGHTS OF USERS.

3.1. Users are required to:

  • read the Regulations before starting work on computer equipment,
  • be registered, instructed and receive personal access attributes (name, password) to work with equipment with established powers,
  • set a personal access password (if the user is given the opportunity to change the password) in accordance with clause 6.2 of this provision,
  • use computer equipment exclusively for activities stipulated by the production need and job descriptions,
  • install the workstation in a place convenient for work, on a solid (stable) surface away from potential sources of pollution (open windows, flower pots, aquariums, teapots, flower vases, etc.), so that the ventilation openings of the means computer science were opened for air circulation

Wipe the workstation equipment from dust at least once every two weeks in compliance with the requirements of safety regulations;

  • report noticed malfunctions of computer equipment and shortcomings in the operation of public software,
  • rational use of limited shared resources (disk memory of public computers, bandwidth of the local network) and consumables,
  • comply with the requirements of the system administrator, as well as persons appointed responsible for the operation of specific equipment, in terms of the security of the operation of the network complex and equipment,
  • follow the rules of work computer network,
  • comply with the mandatory recommendations of responsible persons on computer security,
  • at the request of the system administrator, provide correct information about the network programs ah, about users who have access to a PC or are registered in multi-user operating systems,
  • provide access to the PC to system administrators to check the health and compliance with the established work rules,
  • assist system administrators in the performance of their duties,
  • immediately notify the system administrator of observed cases of violations of computer security (unauthorized access to equipment and information, unauthorized distortion or destruction of information).

3.2. Users are prohibited from:

  • use equipment for activities that are not due to production needs and job descriptions,
  • interfere with the work of other users, interfere with the operation of computers and the network,
  • turn on, turn off, switch, move, disassemble, change the setting of public equipment, except for the direct indication of the person in charge and except in cases of fire danger, smoke from the equipment, or other threats to life and health of people or threats to the safety of property,
  • connect new computers and equipment to the local network without the participation of a system administrator,
  • transfer to other persons their personal access attributes (registration name and password) to the computer equipment and the network of the department,
  • access the equipment and network using someone else's personal access attributes or using someone else's session,
  • delete files of other users on public servers,
  • to attempt unauthorized access to computer equipment and information stored on computers and transmitted over the network,
  • use, distribute and store programs designed to carry out unauthorized access, crack passwords, disrupt the functioning of computer equipment and computer networks, as well as computer viruses and any programs infected by them,
  • use, distribute and store network management and monitoring programs without special permission from the system administrator,
  • violate the rules of the remote computers and remote equipment accessed through the unit's equipment or network,
  • provide access to computer equipment to unregistered users,
  • use on your workstations removable drives and other devices without a preliminary check for possible threats (virus penetration, malware, the probability of physical failures). In the case when the user cannot independently verify that there are no threats, he can involve the system administrator for analysis.
  • Change the configuration of the workstation (open the PC, change, add, remove nodes and parts);
  • Remove or modify installed software (SW).
  • Install on your computer software that is not designed to perform production tasks;
  • Perform actions and commands, the result and consequences of which are not known to the user;
  • Change IP addresses;
  • Create and maintain, using the resources of corporate workstations, personal WEB pages on servers that are not part of the company's LAN, except as agreed by the management of departments;

3.3. Users have the right:

  • to receive a proper and serviceable workstation, to perform direct functional duties
  • apply for the right to access public equipment,
  • apply for allocation and modernization of computer equipment for personal use,
  • apply for an increase in quotas for computer resources and meeting the needs for consumables, if the average norms are exceeded, a justification must be provided,
  • make proposals for the installation of free and the acquisition of commercial software for general use,
  • make proposals for the purchase of computer equipment,
  • make proposals for improving the settings of equipment and software for general use, for improving working conditions,
  • receive advice from the system administrator on working with computer equipment and software for general use, on computer security issues,
  • in case of disagreement, appeal against the actions of the system administrator with the immediate supervisor,
  • make proposals to change this Regulation,
  • receive notifications about changes in these Regulations and the rules for working on specific equipment.

4. REGISTRATION OF USERS AND EQUIPMENT.

4.1. Registration of new equipment connected to the Company's network is carried out by the system administrator. Equipment for personal use is assigned to an employee who takes responsibility for its operation. The responsible person is obliged to notify the system administrator who keeps records about moving the equipment to another room, about changing the configuration, about putting it in for repair, about transferring responsibility for the equipment to another person.

4.2. The transfer of equipment is carried out only in the case of bilateral signing of an act of liability between the transferring and receiving parties.

4.3. User registration is performed by the system administrator responsible for granting access to specific equipment.

5. DUTIES AND RIGHTS OF THE SYSTEM ADMINISTRATOR

5.1. The system administrator must:

  • to improve the operation of equipment and software for general use in order to increase the efficiency of the performance of users of their official duties,
  • monitor the stable operation of workstations, servers, programs installed on them and automated systems,
  • monitor the relevance of accounts, passwords and user permissions,
  • provide users with the information necessary to work on public computer equipment,
  • bring to the attention of users information about changes in the rules or mode of operation of public equipment,
  • to reduce to the minimum necessary downtime of equipment due to malfunctions and service work,
  • conduct explanatory work among users on computer security issues,
  • to bring to the attention of users the rules for working on specific equipment,
  • not to disclose information obtained in the course of the performance of official duties and not directly related to the duties performed.

5.2. The system administrator has the right to:

  • issue warnings to users who have violated the established rules of work, as well as inform the direct management of the incident.
  • demand from the user a detailed report on the work, if during this work there was a failure or failure of equipment or software of general use,
  • require justification for the need to allocate limited resources to the user or Supplies above the average planned level,
  • check the serviceability of computers connected to the Company's LAN, the correct configuration of network programs and compliance with the rules of work, using, if necessary, administrative access to the PC for the time of the check,
  • promptly disconnect from the network, block operation or decommission equipment in the event of a violation of computer security, due to a malfunction or gross violation of the rules of operation,
  • in an emergency, to ensure the uninterrupted operation of the network and public computers, turn off the equipment in the absence of a responsible person or user and without prior notice.
  • the system administrator has the right to delete user files containing game programs and programs designed to violate computer security, infected files from the disks of public computers without warning computer viruses, files containing multimedia information that is not related to the activities of the Company.

6. GENERAL RULES OF WORK ON ARM

6.1. When accessing AC services and resources, the user is required to enter his name and password (except for public resources).

6.2. Requirements for user passwords and how to work with them

6.2.1 Passwords must be generated by special software or chosen independently by users, and, if necessary, by administrators, taking into account the following requirements:

  • the user password must be at least 8 characters long;
  • password characters must contain letters and numbers;
  • it is desirable to use punctuation marks in the password characters, Special symbols (" ~ ! @ # $ % ^ & * () - + _ = \ ! / ?).

    6.2.2 The password must not consist of:

  • last name, first name, patronymic of the user in any form, i.e. written in lowercase, uppercase, mixed, backwards, twice, etc.;
  • surnames, names, patronymics of relatives and friends of the user in any form;
  • names of pets, car numbers, phone numbers and other meaningful combinations of letters and characters that can be guessed based on information about the user;
  • well-known names, dictionary and slang words;
  • sequences of characters and signs (111, qwerty, abcd, etc.);
  • generally accepted abbreviations and abbreviations (computer, LAN, USER, etc.);
  • denominations account user.

6.3 Entering a password

When entering a password, the user must exclude the possibility of his peeping by unauthorized persons (a person behind his back, a person observing the movement of fingers in direct line of sight or in reflected light) and technical means(stationary and built-in Cell phones video cameras, etc.).

6.4. Password storage

  • It is forbidden to write down passwords on paper, in files, electronic notebooks and other information carriers, including objects.
  • It is forbidden to communicate passwords to other users, service personnel of automated information systems and register them in systems under your account, except in cases of troubleshooting (in the presence of the user).
  • It is forbidden to send the password in clear text in e-mail messages.
  • Storing your password on paper is allowed only in the password owner's personal safe.

6.5. Password change

Scheduled password changes must be carried out at least once every 180 days.

For ACs that allow policy setting password protection and user access, the following principles for changing passwords are used:

  • when creating an account, the administrator sets an option that regulates the password change period (180 days);
  • the password is changed by the user independently in accordance with the system warning that occurs when the current password expires.

For ASs that do not have the ability to configure a password protection policy and user access, passwords are changed by the administrator by generating a new User password. The created password is transferred to the User in a way that excludes its compromise.

6.6 Actions in case of loss or compromise of the password.

Oral request of the User to change the password is not a basis for such changes.

6.7. Connecting user workstations to AS services and resources, setting access rights.

  • Users are connected to AS resources and services by the system administrator on the basis of an application drawn up in accordance with the Instructions on the Procedure for Connecting Users to LAN Network Resources and Eliminating Incidents in AS CJSC Roga and Hooves
  • The network administrator does not have the right to independently change the access rights of a particular user without an agreed application, except for the cases described in clause 3.2, when the user, by his actions, violates the provisions of this manual or other regulations for the operation of the AU. In this case, the administrator has the right to temporarily disconnect the user (his workstation) from the resources and services of the AS and initiate an internal investigation into the user's illegal actions.

6.8. Work with incidents in the AS of the company.

It is carried out on the basis of the Instruction on the procedure for connecting users to local network resources and eliminating incidents in ZAO Roga i Kopyta.

7. RESPONSIBILITY

7.1. This Regulation is approved by the Company's management and communicated to employees through the heads of departments and system administrators. In the event of a conflict, legal users are required to comply with the current requirement of the specified persons, and then contact the management to resolve the conflict.

7.2. The user is responsible for maintaining the confidentiality of his passwords for entering the network environment of the company's computer resources. Users are prohibited from acting or failing to contribute to the disclosure of their password.

7.3. The Company is not responsible for the illegal or unethical actions of its employee (employees) in the field of computer or telecommunications technologies, if such actions are committed during off-duty hours and from the territory and by means of equipment not under the jurisdiction of the Company. In this situation, the references of such a person (persons) to belonging to the Company cannot serve as a basis for legal prosecution of the Company for the actions of its employee (employees).

7.4. Roga i Kopyta CJSC is also not responsible for the user's own installation of software that is not included in the approved "List of corporate software (software)", as well as for improper and poor-quality operation of this software.

7.5. Elimination of all possible malfunctions and failures in the operation of the company's computer resources that arose due to self installation by an employee of software that is not included in the "Corporate list of software (software)", or as a result of irrational use of equipment is carried out at the expense of own funds user.

7.6. The Company reserves the right to prosecute an employee (employees) for illegal or unethical actions in the field of computer or telecommunications technologies, if such actions are committed on the territory of the Company or through its computer resources.

8. MANAGEMENT AND DOCUMENT MAINTENANCE

8.1. A copy of the approved Regulations with the order of the Director of the Company on its introduction (set) is kept by the employee of the Company, who is responsible for personnel records management.

8.2. The employee of the Company, who is responsible for personnel records management, introduces employees who have direct access to the software and hardware Companies, with the Regulations, amendments and additions made to it.

8.3. If it is necessary to adjust the Regulations, the director of the company prepares an instruction to amend and supplement it.

8.4. The HR manager prepares a draft Regulation, which is approved and put into effect by the order of the director of the company.

8.5. An approved copy of the Regulation is registered by the office manager.

9. APPS

9.1 Instructions on the procedure for connecting users to network resources and eliminating incidents in CJSC Horns and Hooves

Order of the Federal Service for Ecological,
technological and nuclear supervision
dated July 24, 2012 No. 416

"On approval of the Regulations on the automated information system
on the regulation of safety in the field of the use of atomic energy"

In order to improve the information support of the Federal Service for Ecological, Technological and Nuclear Supervision, to ensure the performance of state functions for licensing activities in the field of the use of atomic energy and for supervision of the system of state accounting and control of nuclear materials, as well as in pursuance of clause 5 of the order of the Federal Environmental Service , Technological and Nuclear Supervision of February 13, 2012 No. 96 "On the development and modernization of special software for the Information System for Supervision of Accounting and Control of Nuclear Materials" I order:

1. Approve the attached Regulations on the automated information system for safety regulation in the field of atomic energy use.

2. Recognize invalid the order of the Federal Service for Ecological, Technological and Nuclear Supervision dated June 04, 2010 No. 454 "On Approval of the Regulations on the Information System for Supervision of Accounting and Control of Nuclear Materials".

3. To impose control over the implementation of this order on the Secretary of State - Deputy Head A.V. Ferapontov.

POSITION
ABOUT AUTOMATED INFORMATION SYSTEM
ON REGULATION OF SAFETY IN THE FIELD
USE OF NUCLEAR ENERGY

(approved by order of the Federal Environmental Service,
Technological and Nuclear Supervision of July 24, 2012 No. 416)

I. General provisions

1. This Regulation determines the main goals, objectives, structure and operation of the automated information system for safety regulation in the field of atomic energy use (hereinafter referred to as AIS NRS) of the Federal Environmental, Industrial and Nuclear Supervision Service.

2. AIS NRS is one of the tools for information support for the effective and high-quality performance of state functions by Rostechnadzor:

on licensing activities in the field of the use of atomic energy;

on issuing permits for the right to conduct work in the field of the use of atomic energy to employees of facilities using atomic energy;

on supervision of the system of state accounting and control of nuclear materials;

on supervision of the system of state accounting and control of radioactive substances and radioactive waste;

for the supervision of the physical protection of radiation sources, radioactive substances, storage facilities, storage facilities for radioactive waste at radiation hazardous facilities and at nuclear facilities.

3. The requirements of the Regulations are mandatory for employees of the central office and territorial bodies of Rostechnadzor in the performance of state functions of providing public services on licensing activities in the field of the use of atomic energy, on issuing permits for the right to conduct work in the field of the use of atomic energy to employees of nuclear facilities, on supervision of the system of state accounting and control of nuclear materials, on supervision of the system of state accounting and control of radioactive substances and radioactive waste, for the supervision of the physical protection of radiation sources, radioactive substances, storage facilities, storage facilities for radioactive waste at radiation hazardous facilities and at nuclear facilities.

4. Regulation on AIS NRS was developed on the basis of the following documents:

Regulations on the Federal Service for Ecological, Technological and Nuclear Supervision, approved by Decree of the Government of the Russian Federation dated July 30, 2004 No.;

Regulations on licensing activities in the field of the use of atomic energy, approved by the Decree of the Government of the Russian Federation of July 14, 1997 No.;

List of positions of employees of nuclear facilities that must obtain permits from the Federal Service for Ecological, Technological and Nuclear Supervision for the right to conduct work in the field of nuclear energy use, approved by Decree of the Government of the Russian Federation dated March 3, 1997 No.;

Administrative Regulations for the Federal Environmental, Industrial and Nuclear Supervision Service to Perform the State Function of Licensing Activities in the Field of the Use of Atomic Energy, approved by Order No. of the Ministry of Natural Resources and Ecology of the Russian Federation dated October 16, 2008;

Administrative Regulations for the Federal Environmental, Industrial and Nuclear Supervision Service to perform the state function of monitoring and supervising the physical protection of nuclear installations, radiation sources, storage facilities, nuclear materials and radioactive substances, systems of unified state accounting and control of nuclear materials, radioactive substances , radioactive waste, approved by order of the Federal Service for Ecological, Technological and Nuclear Supervision dated December 15, 2011 No.;

Administrative regulation on the provision by the Federal Service for Environmental, Technological and Nuclear Supervision of the state service for issuing permits for the right to conduct work in the field of the use of atomic energy to employees of nuclear facilities, approved by order of the Federal Service for Environmental, Technological and Nuclear Supervision of December 21, 2011 No.;

Instructions for reporting in the field of supervision of the state of accounting, control and physical protection, approved by order of the Federal Service for Environmental, Technological and Nuclear Supervision dated September 9, 2011 No. 530.

II. Main goals and objectives of the AIS NRS

5. AIS NRS is designed to provide information support for the performance by Rostekhnadzor of the state functions of providing public services for licensing activities in the field of the use of atomic energy, for issuing permits for the right to conduct work in the field of the use of atomic energy to employees of nuclear facilities, for supervision of the system of state accounting and control nuclear materials, on supervision of the system of state accounting and control of radioactive substances and radioactive waste, on supervision of the physical protection of radiation sources, radioactive substances, storage facilities, radioactive waste storage facilities at radiation hazardous facilities and at nuclear facilities.

6. AIS NRS ensures the input, collection, storage, processing and access to information necessary for employees to perform the relevant functions of providing public services through a single user interface.

7. Within the framework of AIS NRS, the following applied tasks are performed:

registration of organizations (including nuclear facilities) supervised by Rostekhnadzor;

planning inspections and registration of conducted inspections (verifications, hereinafter referred to as inspections) for supervision of accounting for and control of nuclear materials, for supervision of accounting for and control of radioactive substances and radioactive waste, for supervision of the physical protection of radiation sources, radioactive substances, facilities storage, storage facilities for radioactive waste at radiation hazardous facilities and at nuclear facilities;

registration of information on detected anomalies based on special reports from supervised organizations;

registration of information about unauthorized actions based on notifications from supervised organizations;

consolidated reporting on supervision of accounting and control of nuclear materials, on supervision of accounting and control of radioactive substances and radioactive waste, on supervision of the physical protection of radiation sources, radioactive substances, storage facilities, storage facilities for radioactive waste at radiation hazardous facilities and at nuclear facilities;

licensing of activities in the field of atomic energy use;

issuance of permits for the right to conduct work in the field of the use of atomic energy to employees of facilities using atomic energy.

III. Structure and composition of AIS NRS

8. AIS NRS has a three-level structure. The first level of the system is the central office, the second level is the interregional territorial departments for supervision of nuclear and radiation safety of Rostekhnadzor (hereinafter referred to as the MTD NRS), the third level is the inspection departments of the MTD NRS.

9. AIS NRS hardware consists of:

complex of special software tools, hardware complex and information database of the AIS NRS of the central office of Rostekhnadzor;

complexes of special software tools, hardware complexes and information databases of the AIS NRS in the MTD NRS and the corresponding departments of inspections.

10. To ensure the protection of information in the AIS NRS, mechanisms have been implemented to differentiate the access rights of end users and protect against unauthorized access.

Each user of AIS NRS applied tasks can work only under his own name and password. The access of a particular user to information is determined by the functions performed by him within the system and is supported both at the database level and at the application menu level. The system supports registration of information about the user and the date of actions (changes, etc.) performed by him in AIS NRS.

IV. Use and maintenance of AIS NRS

11. The Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection is responsible for:

for coordination of regulatory and methodological support and methodological guidance on the use and development of AIS NRS;

for methodological guidance and use of AIS NRS in terms of performing state functions of supervising the system of state accounting and control of nuclear materials, supervising the system of state accounting and control of radioactive substances and radioactive waste, supervising the physical protection of radiation sources, radioactive substances, storage facilities , storage facilities for radioactive waste at radiation hazardous facilities and at nuclear facilities;

for methodological guidance and use of the AIS NRS in terms of issuing permits for the right to conduct work in the field of the use of atomic energy to employees of nuclear facilities in accordance with the competence of the Department.

12. The Department for Organizational Controlling and Licensing and Licensing Activities is responsible for the methodological guidance and use of the AIS NRS in terms of performing the state function of licensing activities in the field of atomic energy use.

13. Department for Safety Regulation of Nuclear Power Plants and Nuclear Research Installations for methodological guidance and use of AIS NRS in terms of issuing permits for the right to conduct work in the field of the use of atomic energy to employees of nuclear facilities in accordance with the competence of the Department.

14. In Rostekhnadzor, by order of the head, the structural unit authorized in the field of informatization is responsible for:

for the organization and control over the performance of work on the technical support of the operation of special software, hardware and the AIS NRS information database in the central office of Rostekhnadzor;

for the methodological guidance of technical support for the operation of AIS NRS hardware and software systems at MTU NRS;

for the administration and organization of providing access to information resources of the AIS NRS in the central office of Rostechnadzor.

15. MTD NRS are responsible for:

for the organization and control over the performance of works on technical support for the operation of special software, hardware complex and AIS NRS information database in the relevant ITD NRS and inspection departments;

for the appointment of persons responsible for maintaining applied tasks of the AIS NRS and their performance of the relevant functions.

16. Department for Organizational and Controlling and Licensing Activities, Department for Safety Regulation of Nuclear Power Plants and Nuclear Research Installations, Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and radioactive substances and physical protection are responsible within the framework of the central office of Rostechnadzor for the appointment of those responsible for maintaining applied tasks of the AIS NRS in the relevant structural unit and the performance of their respective functions.

V. Entering information

17. To ensure the functioning of AIS NRS, timely input of the following reference information is required:

17.1. Directory "Licensing - Types of activities licensed by Rostekhnadzor";

17.2. Directory "Licensing - Categories of objects and objects of application";

17.3. Directory "Licensing - Permitted Activities";

17.4. Directory "Licensing - License status - Change reasons";

17.5. Directory "Licensing - License status - Reasons for change";

17.6. Directory "Organizations - Federal Districts";

17.7. Directory "Organizations - Subjects of the Federation";

17.8. Directory "Organizations - Directions of activity";

17.12. Directory "Inspection activity - Type of activity";

17.13. Directory "Inspection activity - category of violation";

17.14. Directory "Inspection activities - Direction of supervision";

17.15. Information on the registration of the organization in the system of state accounting and control of nuclear materials and / or in the system of state accounting and control of radioactive substances and radioactive waste "Organizations - System UK";

17.16. Information about the organization's registration in the physical protection system "Organizations - System FZ";

17.17. Directory "Permissions - Categories of positions of workers";

17.18. Information in the section "Rostekhnadzor - Structure of Rostekhnadzor";

17.19. Information in the section "Rostekhnadzor - Transfer of RTN employees".

18. The department for ensuring organizational and control and licensing and permitting activities is responsible for entering information and keeping reference books No. 17.1 - 17.5 up to date;

The Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection is responsible for entering information and keeping reference books No. 17.8 - 17.14 up to date;

Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection and Department for Regulation

the safety of nuclear power plants and nuclear research installations are responsible for entering information and maintaining up to date Directory No. 17.17;

MTD NRS are responsible for entering information and keeping up-to-date reference books 17.15 - 17.16 for the respective supervised organizations;

Structural subdivisions of the central office and MTU NRS of Rostechnadzor, which are responsible for organizing and monitoring the performance of work on technical support for the operation of special software, hardware and the AIS NRS information database, are responsible for entering information and maintaining up to date reference books No. 17.6, 17.7, 17.18 and 17.19.

19. Changes to reference books 17.1 - 17.19 are carried out by the relevant responsible persons within three days from the date of receipt of information about the need to make changes.

20. To ensure the AIS NRS application task of registering organizations (including nuclear facilities) supervised by Rostechnadzor, persons responsible for the timely input of information should be appointed:

in the central office - in the Department for ensuring organizational-control and licensing-permitting activities;

in MTD NRS - in subdivisions that register and record information about supervised organizations.

21. To support the applied tasks of the AIS NRS for planning inspections and recording inspections carried out for supervision of accounting for and control of nuclear materials, for supervision of accounting for and control of radioactive substances and radioactive waste, for supervision of the physical protection of radiation sources, radioactive substances, storage facilities, radioactive waste storage facilities at radiation hazardous facilities and at nuclear facilities, registration of information on detected anomalies based on special reports from supervised organizations and registration of information on unauthorized actions in relation to nuclear materials and physical protection at supervised organizations should be appointed, persons responsible for the timely entry of information :

in the central office - in the Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection;

in MTD NRS - in the subdivisions involved in planning and conducting inspections for accounting and control of nuclear materials, registration and accounting of information on detected anomalies and unauthorized actions.

22. To support the application task of the AIS NRS on consolidated reporting on supervision of accounting and control of nuclear materials, on supervision of accounting and control of radioactive substances and radioactive waste, on supervision of the physical protection of radiation sources, radioactive substances, storage facilities, storage facilities for radioactive waste at at radiation hazardous facilities and at nuclear facilities, persons responsible for the timely input of information should be appointed:

in the central office - in the Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection;

at MTD NRS - in subdivisions collecting and summarizing reports on supervisory activities in the field of accounting and control of nuclear materials.

23. To ensure the AIS NRS application task of licensing activities in the field of atomic energy use, persons responsible for the timely input of information should be appointed:

in the central office - in the Department for Organizational and Controlling and Licensing and Permitting Activities, the Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection and in the Department on the regulation of the safety of nuclear power plants and nuclear research facilities;

at MTU NRS - in subdivisions involved in the consideration and issuance of licenses in the field of atomic energy use.

24. To ensure the AIS NRS application task of issuing permits for the right to conduct work in the field of atomic energy use, employees of nuclear facilities should be assigned persons responsible for the timely input of information:

in the central office - in the Department for Safety Regulation of Nuclear Fuel Cycle Facilities, Nuclear Power Plants of Ships and Radiation Hazardous Facilities, Supervision of Accounting and Control of Nuclear Materials and Radioactive Substances and Physical Protection and in the Department for Safety Regulation of Nuclear Power Plants and Nuclear Research Installations;

at MTU NRS - in the divisions involved in the consideration and issuance of permits for the right to conduct work in the field of the use of atomic energy to employees of nuclear facilities.

25. As part of the applied tasks for planning inspections and recording inspections carried out for supervision of accounting and control of nuclear materials, for supervision of accounting for and control of radioactive substances and radioactive waste, for supervision of the physical protection of radiation sources, radioactive substances, storage facilities, storage facilities for radioactive waste at radiation-hazardous facilities and at nuclear facilities, registration of information on identified anomalies based on special reports from supervised organizations, registration of information on unauthorized actions in relation to nuclear materials and physical protection at supervised organizations, information must be entered into the AIS NRS within two days from the moment of its receipt.

26. As part of the applied task on consolidated reporting on supervision of accounting and control of nuclear materials, on supervision of accounting and control of radioactive substances and radioactive waste, on supervision of the physical protection of radiation sources, radioactive substances, storage facilities, radioactive waste storage facilities at radiation hazardous facilities and at nuclear facilities, the information shall be entered into the AIS NRS within the time limits stipulated by the reporting documents of Rostechnadzor.

27. As part of the applied tasks of registering supervised organizations (including nuclear facilities) and licensing activities in the field of the use of atomic energy, entering information about the facility using atomic energy, receipt of an application for a license, making changes to the terms of the license, cancellation of a license or issuance of a duplicate of a license, issuance of a license, changes in the terms of the license is carried out on the day the documents are received.

Entering information about the progress of consideration of the application, the examination, inspection, etc. carried out within two days from the date of receipt of the information.

28. As part of the applied task of issuing permits for the right to conduct work in the field of the use of atomic energy, employees of nuclear facilities enter information about the receipt of an application for obtaining a permit, for extending the validity of a permit, for reissuing, canceling a permit or issuing a duplicate of a permit, issuing a permit , extension of the validity period or reissuance of the permit is carried out on the day the documents are received.

VI. Data exchange

29. Data exchange in AIS NRS is organized between all three levels. Within the framework of the AIS NRS, it is possible to organize work with the information database in two ways:

work with the central information database AIS NRS of the central office of Rostechnadzor through local network or dedicated communication channels;

work with the local information database of the AIS NRS of the MTU NRS or the inspection department.

When working with the central information database of the AIS NRS of the central office, data is entered directly into the information database of the central office of Rostechnadzor. When working with a local database, data is entered into the local database of the AIS NRS, information exchange with other local databases and with the database of the central office of Rostechnadzor is organized through uploading/downloading data in the format Microsoft Excel.

30. Inspection departments of the MTD NRS, working with the local AIS NRS database, must upload data from local server databases of the inspection department and send data in Microsoft Excel format to the appropriate ITD NRS. MTD NRS uploads data from the local databases of inspection departments to the local server of the AIS NRS database of the MTD NRS or to the central information database of the AIS NRS of the central office of Rostechnadzor.

31. MTD NRS, working with the local AIS NRS database, must upload data from the local server of the MTD NRS database and send data in Microsoft Excel format to the central office of Rostechnadzor.

32. Within the framework of the administration of the AIS NRS, the central office shall be responsible for the collection of MTD NRS data and entry into the central database of the AIS NRS. The person responsible for data collection uploads data from the MTD NRS to the central database of the AIS NRS of the central office of Rostechnadzor.

33. If necessary, the person responsible for data collection should upload reference data from the central database of the AIS NRS of the central office of Rostechnadzor and send them to MTD NRS. MTD NRS should upload the reference data to the local database, as well as ensure the transfer of reference data to the local databases of the MTD NRS inspection departments (if necessary).

34. Frequency of data exchange between local databases of inspection departments and MTD NRS is established by orders for the corresponding MTD NRS, but at least once a quarter.

35. Data exchange between the local databases of the MTD NRS and the central database of the AIS NRS of the central office of Rostechnadzor (except for data on licensing activities in the field of atomic energy use) is carried out quarterly until the 10th day of the month following the end of the quarter (or at the request of the central office).

The exchange of data on licensing activities in the field of the use of atomic energy between the local databases of the MTD NRS and the central database of the AIS NRS of the central office of Rostechnadzor is carried out monthly until the 10th day of each month (or at the request of the central office).

36. MTD NRS should appoint a responsible unit, as well as persons personally responsible for data exchange in AIS NRS.

Internet
The most interesting:
How to connect the printer via LAN
Instagram self-promotion tools
How to make money on Glopart