
The concept of information security of Gazprom. Information security policy Gazprombank


Kazan (Volga Region) Federal University

Institute of Management and Territorial Development

Department of Strategic and Financial Management

RESEARCH

in the discipline "Corporate Security Management"

Analysis of the corporate security of OAO Gazprom

Completed by: student of group 1498-2

Mingalimova G.G.

Checked by: Gabdullin N.M.

Kazan 2013

  • 1. Characteristics of the enterprise JSC "Gazprom"

  • 5. Analysis of the financial stability of the Latvia gas company according to the presented balance sheet


1. Characteristics of OAO Gazprom

OAO Gazprom is a global energy company. The main activities are exploration, production, transportation, storage, processing and sale of gas, gas condensate and oil, as well as the production and sale of heat and electricity. (OAO Gazprom. [Electronic resource].)

Gazprom sees its mission in the reliable, efficient and balanced supply of natural gas, other types of energy resources and products of their processing to consumers.

Gazprom has the world's richest natural gas reserves. Its share in world gas reserves is 18%, and in Russian reserves 70%. Gazprom accounts for 15% of world and 78% of Russian gas production. The company is currently actively implementing large-scale projects to develop the gas resources of the Yamal Peninsula, the Arctic shelf, Eastern Siberia and the Far East, as well as a number of projects for the exploration and production of hydrocarbons abroad.

Gazprom is a reliable gas supplier to Russian and foreign consumers. The company owns the world's largest gas transmission network, the Unified Gas Supply System of Russia, the length of which exceeds 161 thousand km. On the domestic market Gazprom sells over half of the gas it sells. In addition, the company supplies gas to 30 countries of the near and far abroad.

Gazprom is the only producer and exporter of liquefied natural gas in Russia and provides about 5% of the world's LNG production.

The company is among the five largest oil producers in the Russian Federation, and is also the largest owner of generating assets in its territory. Their total installed capacity is 17% of the total installed capacity of the Russian energy system.

The strategic goal is to establish OAO Gazprom as a leader among global energy companies through the development of new markets, diversification of activities, and ensuring the reliability of supplies.

2. Features of building the integrated security system of OAO Gazprom

An analysis of the gas market shows that in the coming years and decades, a significant increase in gas demand is predicted, which means that the role of Gazprom, as a modern energy company in the world market, will increase.

In the face of growing demand for gas, the main strategic goal of gas industry enterprises is to increase the efficiency and dynamic growth of production in the interests of consumers and to improve its organizational structure.

Increasing requirements for the quality of information exchange and the level of its protection are determined, first of all, by competition in the gas and financial markets. The Gazprom Security Service also pays close attention to this issue. Of course, this is also dictated by the specifics of the production and technological processes of gas transportation and storage, which impose increased requirements for protecting operational dispatch control systems against "information terrorism".

It is appropriate to cite several facts confirming the relevance of information protection work: up to 6,000 attempts to infect Gazprom's data transmission networks with various viruses occur a year, and all this leads to long-term failure of automated workstations in the Company's corporate information system. Financial losses from downtime and labor costs for restoration, taking into account possible lost profits, can amount to hundreds of thousands of US dollars.

In general, it should be stated that the threats of virus infection and threats from insiders continue to be extremely relevant for Gazprom's enterprises.

In accordance with the provisions of the "Special Requirements and Recommendations on the Technical Protection of Confidential Information" (STR-K), adopted by OAO Gazprom, its subsidiaries and organizations for guidance and implementation, the responsibility for ensuring the requirements for the technical protection of confidential information rests with the heads of departments.

It is obvious that ensuring information security requires an integrated approach, which should be based on an information security system that includes organizational (trained personnel and regulatory documents) and technical (information security tools) components.

The main stages of creating an integrated information security system should be:

· Survey of the organization. The information security audit can be performed either by internal staff or with the involvement of a third-party organization;

· Designing an information security system. (Performed based on the results of an information security audit);

· Implementation of the information security system. It is carried out, as a rule, by a third-party organization with the participation of employees of the information security department to ensure quality control;

· Maintenance of the information security system. Technical support of the integrated IS system is carried out by a third-party organization, and the operation and administration of security by the IS department;

· Training of information security specialists. Training is carried out in a planned manner according to the schedule approved by the Gazprom security system.

As a rule, a gas transmission company is a territorially distributed organization with a large number of branches and subsidiaries located geographically remote from the central office.

The information and telecommunications system of such an enterprise is geographically distributed and has the ability to interact with external information systems - federal executive authorities, federal subjects, local authorities, as well as various open networks (Internet, Reuters, etc.).

OAO Gazprom also pays great attention to industrial safety.

The management of Gazprom considers the management system for industrial safety, labor protection and the environment a necessary element of effective production management and declares its responsibility for the successful management of occupational risks related to the impact on the life and health of workers, equipment, property and the environment.

No considerations of an economic, technical or other nature can be taken into account if they contradict the need to ensure the safety of workers in production, the population and the natural environment.

Gazprom guarantees its employees decent and safe working conditions by strictly complying with license requirements to ensure industrial safety. Working conditions are constantly monitored, workplaces are attested, and a risk insurance program is being implemented.

To ensure a unified approach to industrial safety issues, all enterprises of the Gazprom Group apply the "Policy on Industrial Safety, Labor Protection and the Environment". Among the company's commitments confirmed in this document are the continuous improvement of working conditions and the increase in the level of industrial and environmental safety, the introduction of an effective management system, and the presentation of uniform safety requirements to employees and contractors.

To discuss the most important issues in the field of industrial safety and to form new strategic objectives and adjust current ones, the company has created and operates a collegiate body, the Council for Industrial Safety, Labor Protection and the Environment. The Council includes the heads of functional divisions of the Industrial Safety Department and the heads of the HSE, OHS and CP services of the company's major assets.

Achieving the stated goals at all enterprises of the group is impossible without standardization; therefore, since 2008, all enterprises of the group have been implementing the Integrated Management System for industrial and environmental safety, labor protection and the environment (HSE, OH&S), which complies with the international standards OHSAS 1800, ISO 14001 and ISO 9001. At the same time, all Gazprom enterprises are implementing a single standard for identifying, assessing and minimizing occupational risks. Monitoring of the implementation of new standards is carried out in real time using the "Azimuth" computer system. It allows online monitoring of the situation at the company's enterprises and prompt alerts about incidents.

The Company seeks to ensure a constant increase in the level of safety, a consistent reduction in accident rates, industrial injuries, and occupational diseases.

The company has a corporate standard that determines the procedure for providing employees with personal protective equipment (PPE). Overalls purchased by the company comply with domestic and European safety requirements.

Occupational safety and health of employees is a sphere of mutual responsibility and constructive interaction between the company's management and trade unions. Mutual obligations on these issues are reflected in collective agreements and programs for the improvement of employees.

The company continues to implement a set of measures aimed at ensuring transport security, including the development of regulatory documents, conducting security months, and organizing staff training.

The policy and standards of Gazprom in the field of HSE, labor protection and civil protection are focused on minimizing risks and preventing accidents. An important direction in this work remains the creation of positions for employees authorized to solve problems in the field of civil defense, advanced training of management staff, training personnel to act in an emergency, and maintaining a high level of preparedness for emergency situations. In order to ensure preparedness for action in the event of emergencies, SDEs have created financial reserves and material resources. The readiness of subsidiaries and affiliates to respond to emergencies is checked during regular exercises and drills.

After analyzing the information security of the enterprise, we can conclude that information security needs to be given great attention, because OAO Gazprom is a very large enterprise. Therefore, it seems to me that in order to achieve protection, an effective solution of the following tasks should be provided:

· protection against interference in the process of functioning of the enterprise by unauthorized persons;

· protection against unauthorized actions with the information resources of the enterprise by unauthorized persons and employees who do not have the appropriate authority;

· ensuring the completeness, reliability and efficiency of information support for management decision-making by the management of the enterprise;

· ensuring the physical security of the enterprise's hardware and software and their protection from man-made and natural sources of threats;

· registration of events affecting the security of information, ensuring full control and accountability of the implementation of all operations performed at the enterprise;

· timely identification, assessment and forecasting of sources of threats to information security, and of causes and conditions that contribute to damage to the interests of subjects and to disruption of the normal functioning and development of the enterprise.

Thus, we can say that it is impossible to fully protect the enterprise from external and internal threats. But with the help of such measures, it is possible to achieve a high level of protection for OAO Gazprom.

4. Determination of the raider suitability index of an enterprise of OAO Gazprom

So, let's find the suitability raider index for Gazprom OJSC.

1. The state is the owner of a controlling stake in Gazprom - 50.002%, i.e. less than half of the company's shares are dispersed among multiple shareholders. From this it follows that K1 = 0.5. (because dispersion is 25-51%).

2. Fixed assets of the company = 3621565477 thousand rubles, balance sheet = 7433141940 thousand rubles.

K2= 3621565477/7433141940= 0.49=0.5. This means that the share of fixed assets in the balance sheet exceeds 50%.

3. Accounts payable = 502161023 thousand rubles, balance sheet = 7433141940 thousand rubles.

K3 = 502161023/7433141940 = 0.067=0.1. This means that the company's accounts payable do not exceed the balance sheet currency and the economic condition of the enterprise is stable.

4. K4=0, because OAO Gazprom pays regular dividends to its shareholders.

5. K5= 0.3, because industry profitability is more than 15% (i.e. 34%).

6. K6= 0.3, because Gazprom's enterprises are located in Moscow, St. Petersburg and other regions.

So, for OAO Gazprom, the sum of the coefficients was:

K1+K2+K3+K4+K5+K6 = 0.5+0.5+0.1+0+0.3+0.3 = 1.7.

The maximum value that can be obtained if the company has all the maximum values:

K1+K2+K3+K4+K5+K6 = 0.7+0.5+0.5+0.3+0.3+0.3 = 2.6.

Thus, OAO Gazprom obtained a suitability raider index less than the maximum value (1.7 < 2.6). This indicates that the likelihood of a hostile takeover of the company is minimal.

5. Analysis of the financial stability of the Latvia gas company according to the presented balance sheet

Latvia gas (Latvijas Gaze) is the gas company of Latvia. Headquarters in Riga. It is a partner of OAO Gazprom.

The security service of JSC "Gazprom" checks the financial stability of the company, whether they can pay off their debts on time.

An analysis of the financial stability of the Latvija gas company was carried out according to the following scheme:

Stage 1 - the necessary documents were received from the company under study for 2011 - these are:

balance sheet (form No. 1);

income statement (Form No. 2);

capital flow statement (Form No. 3).

Stage 2 - the authenticity of the submitted documents is verified, i.e. all documents are signed by the head of the company and the chief accountant and have an electronic signature.

Stage 3 - a preliminary analysis of the balance sheet was made in the form of compliance with the following indicators:

sum of "total by sections" = sum of rows within sections;

line 300 "balance" = line 700 "balance" = 7827957711 rubles;

line 470 "retained earnings of the reporting year" (form No. 1) = line 170 "retained earnings (losses) of the reporting period" (form No. 2) = 2292965777 rubles;

line 010 "authorized capital" (form No. 3) = line 410 "authorized capital" (form No. 1) = 118367564 rubles;

all these conditions are met, which means that the submitted documents are drawn up correctly.

Stage 4 - the assessment of the financial stability of the company is carried out according to the following scheme:

line 010 "authorized capital" (form No. 3) should be less than line 200 "net assets" (form No. 3) and in fact it is, i.e.:

118367564 rubles < 6189150344 rubles.

This ratio is required by the Federal Law "On Joint Stock Companies"; if it were not met, this would indicate that the financial collapse of the company was possible.

1. We calculate the autonomy coefficient, which shows the extent to which the company is able to settle with investors or shareholders from its own funds when the appropriate deadlines come; it must be at least 0.5.

· lines (590+640+650-490)/line 700 (form No. 1) = (6189150344+0+2134381-1003898769)/ 7827957711= 0.66>0.5

590 - "total for section III" = 6189150344 rubles;

650 - "consumption funds" = 2134381 rubles;

490 - "total for section IV" = 1003898769 rubles;

700 - "balance" = 7827957711 rubles.

Thus, the autonomy coefficient = 0.66>0.5, i.e. an increase in the autonomy coefficient indicates an increase in the financial independence of the company.

2. We calculate the coverage ratio, which shows the extent to which the company is able to pay off its debts with all its assets; it must be at least 2.

· lines (290-230-244-252)/(690-630+640+650) (form No. 1) =

(2356823254-703918072-0-0)/(634908598-722068+0+2134381) = 2.59 > 0.2.

The balance sheet line names are as follows:

290 - "total for section II" = 2356823254 rubles;

230 - "receivables (payments for which are expected more than 12 months after the reporting date)" = 703918072 rubles;

244 - "debts of participants (founders) on contributions to the authorized capital" = 0;

252 - "own shares purchased from shareholders" = 0;

690 - “total for section V” = 634908598 rubles;

630 - "calculations on dividends" = 722068 rubles;

640 - "deferred income" = 0;

650 - "consumption funds" = 2134381 rubles.

Thus, the coverage ratio = 2.59 > 0.2, which means that the company is able to pay off its debts with all its assets.

3. We calculate the coefficient of enterprise management efficiency, which shows how much profit is earned per unit of products sold:

line 050/line 010 (form No. 2) = 553268909/2486940618= 0.22

The line names are as follows:

050 - "profit from sales" = 553268909 rubles;

010 - "revenue (net) from the sale of goods, products, works, services (minus value added tax, excises and similar obligatory payments)" = 2486940618 rubles.

Thus, the coefficient of enterprise management efficiency = 0.22. Here we see an increase in the profitability of production, which indicates an increase in profitability and strengthening the financial well-being of the company.

So, the Latvia gas company is financially stable, and the security service of OAO Gazprom can trust it.

Findings of the research work

After a study of the company JSC "Gazprom", we can conclude:

1. The company's suitability raider index is less than the maximum value. This suggests that the likelihood of the OJSC being taken over by other companies is minimal.

2. After analyzing the financial stability of the Latvia gas company according to the presented balance sheet, we see:

A) the company is able to settle with investors or shareholders from its own funds when the appropriate time comes, i.e. growth of the financial independence of the company;

B) the company is able to pay off its debts with all its assets;

C) an increase in the profitability of production, which indicates an increase in profitability and strengthening of the financial well-being of the company.

All this suggests that Latvia gas can be trusted and can remain a potential partner of Gazprom.


In this topic, I will try to compile a guide to developing regulatory documentation in the field of information security for a commercial organization, relying on personal experience and materials from the web.

Here you can find answers to questions:

  • Why is an information security policy needed?
  • how to compose it;
  • how to use it.

The need for an information security policy

This section describes the need to implement the information security policy and its accompanying documents not in the beautiful language of textbooks and standards, but using examples from personal experience.

Understanding the goals and objectives of the information security department

First of all, the policy is necessary in order to convey to the business the goals and objectives of the company's information security. A business should understand that a security officer is not only a tool for investigating data leaks, but also an assistant in minimizing company risks, and, consequently, in increasing company profitability.

Policy requirements are the basis for implementing safeguards

The information security policy is necessary to justify the introduction of protective measures in the company. The policy must be approved by the highest administrative body of the company (general director, board of directors, etc.).

Any safeguard is a compromise between risk reduction and user experience. When a security person says that a process should not happen in any way because of the appearance of some risks, he is always asked a reasonable question: “How should it happen?” The security officer needs to propose a process model in which these risks are reduced to some extent that is satisfactory for the business.

At the same time, any protective measure that affects how the user interacts with the company's information system always causes a negative reaction from the user. Users do not want to be retrained, to read instructions written for them, and so on. Very often users ask reasonable questions:

  • why should I work according to the scheme you invented, and not in the simple way I have always used?
  • who came up with all this?

Practice has shown that the user does not care about the risks; you can explain to him long and tediously about hackers, the criminal code, and so on, and nothing will come of it but a waste of nerve cells.

If the company has an information security policy, you can give a brief and concise answer:

this measure was introduced to comply with the requirements of the company's information security policy, which was approved by the company's highest administrative body

As a rule, after this the energy of most users fades. The rest can be invited to write a memo to this very highest administrative body of the company. Here the rest drop out, because even if the memo gets there, we can always prove the need for the measures taken to the management. We do not eat our bread in vain, right?

There are two things to keep in mind when developing a policy.

  • The target audience of the information security policy is end users and top management of the company, who do not understand complex technical expressions but should be familiar with the provisions of the policy.
  • Do not try to cram everything possible into this document! It should contain only the IS goals, the methods for achieving them, and responsibility! No technical details if they require specific knowledge. Those are all material for instructions and regulations.


The final document must meet the following requirements:
  • conciseness - a large volume of the document will scare away any user, no one will ever read your document (and you will use the phrase more than once: “this is a violation of the information security policy that you have been introduced to”)
  • accessibility to a simple layman - the end user must understand WHAT is written in the policy (he will never read and remember the words and phrases “logging”, “violator model”, “information security incident”, “information infrastructure”, “technogenic”, “anthropogenic”, “risk factor”, etc.)

How to achieve this?

In fact, everything is very simple: the information security policy should be a first-level document, and it should be expanded and supplemented by other documents (regulations and instructions), which will already describe something specific.
It is possible to draw an analogy with the state: the first-level document is the constitution, and the doctrines, concepts, laws and other normative acts existing in the state only supplement and regulate the implementation of its provisions. An approximate scheme is shown in the figure.

To avoid beating around the bush, let's just look at examples of information security policies that can be found on the Internet.

| Organization | Number of useful pages* | Load of technical terms | Overall score |
|---|---|---|---|
| JSC "Gazprombank" | 11 | Very high | |
| JSC “Entrepreneurship Development Fund “Damu” | 14 | High | A complex document for thoughtful reading, the layman will not read, and if he reads, he will not understand and will not remember |
| JSC NC KazMunayGas | 3 | Low | An easy-to-understand document that is not overloaded with technical terms |
| JSC "Radiotechnical Institute named after Academician A. L. Mints" | 42 | Very high | Difficult document for thoughtful reading, the layman will not read - too many pages |

* By useful pages I mean the number of pages excluding the table of contents, title page and other pages that carry no specific information

Summary

The information security policy should fit into several pages, be easy for the layman to understand, and describe in general terms the IS goals, the methods for achieving them and the responsibility of employees.

Implementation and use of information security policy

After the IS policy is approved, it is necessary to:
  • familiarize all existing employees with the policy;
  • familiarize all new employees with the policy (how to do this is a topic for a separate discussion, we have an introductory course for newcomers, where I speak with explanations);
  • analyze existing business processes in order to identify and minimize risks;
  • take part in the creation of new business processes, so as not to run after the train;
  • develop regulations, procedures, instructions and other documents that supplement the policy (instructions for providing access to the Internet, instructions for providing access to rooms with limited access, instructions for working with company information systems, etc.);
  • review the IS policy and other IS documents at least once a quarter in order to update them.

For questions and suggestions, welcome to the comments and PM.

Question %username%

When it comes to the policy, my bosses don't like that I want to put it in simple words. They tell me: “Besides me and you and 10 more IT employees, who themselves know and understand everything, there are 2 hundred who don’t understand anything about it, half of them are pensioners.”
I followed the path of medium brevity of descriptions, for example, anti-virus protection rules, and below I write something like "there is an anti-virus protection policy", etc. But I don’t understand: if the user signs for the policy but then again needs to read a bunch of other documents, it seems I have shortened the policy, and yet it seems I have not.

Here I would follow the path of process analysis.
Let's say anti-virus protection. Logically it should be like this.

What risks do viruses pose to us? Violation of the integrity (damage) of information and violation of the availability of information (downtime of servers or PCs). With a properly organized network, the user should not have local administrator rights in the system, that is, he should not have the rights to install software (and, consequently, viruses) into the system. Thus, the pensioners drop out, because they play no part here.

Who can mitigate the risks associated with viruses? Users with domain admin rights. Domain admin is a sensitive role, issued to employees of IT departments, etc. Accordingly, they should install antiviruses. It turns out that they are also responsible for the activity of the anti-virus system. Accordingly, they must sign the instruction on the organization of anti-virus protection. Actually, this responsibility must be spelled out in the instruction. For example, the security officer rules, the admins execute.

Question %username%

Then the question is: shouldn't the responsibility for the creation and use of viruses be included in the instructions of the Anti-virus SI (or is there an article for that, so it need not be mentioned)? Or that they are required to report a virus or strange PC behavior to the Help Desk or IT staff?

Again, I would look at it from the side of risk management. This smacks of, so to speak, GOST 18044-2007.
In your case, "strange behavior" is not necessarily a virus. It can be a system slowdown or a gp, etc. Accordingly, this is not an incident, but an information security event. Again, according to GOST, any person can report an event, but whether it is an incident or not can be understood only after analysis.

Thus, this question of yours no longer translates into information security policy, but into incident management. It should be stated in your policy that the company must have an incident handling system.

That is, as you can see, the administrative execution of the policy is mainly assigned to admins and security officers. Users are left with the user-level part.

Therefore, you need to draw up some kind of "Procedure for the use of CBT in the company", where you must specify the responsibilities of users. This document should correlate with the information security policy and be, so to speak, an explanation for the user.

In this document, you can specify that the user is obliged to notify the appropriate authority about abnormal computer activity. And you can add everything else user-related there.

In total, you need to familiarize the user with two documents:

  • information security policy (so that he understands what is being done and why, does not rock the boat, does not swear when introducing new control systems, etc.)
  • this "Procedure for the use of CBT in the company" (so that he understands what exactly to do in specific situations)

Accordingly, when implementing a new system, you simply add something to the "Procedure" and notify employees about it by sending the procedure by e-mail (or through the EDMS, if any).


transcript

(Open Joint Stock Company)

APPROVED by the decision of the Board of GPB (OJSC) on September 24, 2008 (minutes 35)

As amended by the decision of the Board of GPB (OJSC) on September 30, 2009 (minutes 41), November 10, 2010 (minutes 49), March 22, 2012 (minutes 11)

Information Security Policy of Gazprombank (Open Joint Stock Company)

MOSCOW 2008

Contents

1. General provisions
2. List of terms and definitions
3. Description of the object of protection
4. Goals and objectives of activities to ensure information security
5. Threats to information security
6. Model of the violator of information security
7. Basic provisions for ensuring information security
8. Organizational basis for ensuring information security
9. Responsibility for compliance with the provisions of the Policy
10. Monitoring compliance with the provisions of the Policy
11. Final provisions

1. General provisions

1.1. This Policy has been developed in accordance with the legislation of the Russian Federation and legal norms in terms of ensuring information security, the requirements of regulatory acts of the Central Bank of the Russian Federation, the federal executive body authorized in the field of security, the federal executive body authorized in the field of countering technical intelligence and technical protection of information, and is based, among other things, on:

  • Doctrine of information security of the Russian Federation (from Pr-1895);
  • Standard of the Bank of Russia STO BR IBBS “Ensuring information security of organizations of the banking system of the Russian Federation. General Provisions”.

This Policy is a document available to any employee of the Bank and user of its resources, and represents a system of views on the problem of ensuring information security officially adopted by the management of Gazprombank (Open Joint Stock Company) (hereinafter referred to as the Bank), and establishes the principles for building an information security management system based on a systematic presentation of the goals, processes and procedures of the information security of the Bank.

The management of the Bank is aware of the importance and necessity of developing and improving measures and means of ensuring information security in the context of the development of legislation and banking regulations, as well as the development of ongoing banking technologies and the expectations of the Bank's customers and other stakeholders. Compliance with information security requirements will create competitive advantages for the Bank, ensure its financial stability, profitability, compliance with legal, regulatory and contractual requirements and improve its image.

The information security requirements set by the Bank correspond to the interests (goals) of the Bank's activities and are designed to reduce the risks associated with information security to an acceptable level. Risk factors in the information area of the Bank are relevant to its corporate governance (management), organization and implementation of business processes, relationships with contractors and customers, internal business activities. Risk factors in the information area of the Bank constitute a significant part of the Bank’s operational risks, and are also related to other risks of the Bank’s core and management activities.

The Bank’s strategy in the field of ensuring information security and information protection, among other things, safety, security information technologies and protection of information, security of personal data, banking secrecy and other legal acts; normative acts of federal executive bodies authorized in the field of ensuring physical security and technical protection of information, countering technical intelligence and ensuring information security and privacy; regulations of the Bank of Russia and standards of the Bank of Russia on ensuring information security from the set of standards "STO BR IBBS"; regulations of the Bank of Russia and documents of the Bank of Russia in the field of standardization "Ensuring the information security of organizations of the banking system of the Russian Federation", approved by the order of the Bank of Russia dated June 21, 2010 R-705 and accepted as mandatory for execution in the Bank in accordance with the order dated December 27, 2010.

Requirements for ensuring the Bank's information security must be strictly observed by the Bank's personnel and other parties as determined by the provisions of the Bank's internal regulatory documents, as well as the requirements of contracts and agreements to which the Bank is a party.

This Policy applies to the Bank's business processes and is mandatory for use by all employees and management of the Bank, as well as users of its information resources.

The provisions of this Policy should be taken into account when developing information security policies in subsidiaries and affiliated organizations.

Guidelines for documentation in the field of information security in accordance with the requirements of STO BR IBBS 1.0, adopted and put into effect by the order of the Bank of Russia dated April 28, 2007 R-348, is a corporate document on first-level IS.

The documents detailing the provisions of the corporate Policy in relation to one or more areas of IS, types and technologies of the Bank's activities are private IS policies (hereinafter Private Policies), which are second-level IS documents, are drawn up as separate internal regulatory documents of the Bank, developed and agreed in accordance with the procedure established by the Bank, approved by the Curator.

2. List of terms and definitions

This Policy uses terms with corresponding definitions in accordance with STO BR IBBS “Ensuring information security of organizations of the banking system of the Russian Federation. General Provisions”.

Business process: a sequence of technologically related operations for the provision of banking products and/or the implementation of a specific type of support for the Bank's activities.

Information security of the Bank (IS): in this Policy, the state of security of the technological and business processes of the Bank, which combine the employees of the Bank, technical and software tools for processing information, and information, in the face of threats in the information sphere.

Information system of the Bank: a set of software and hardware systems of the Bank used to ensure the business processes of the Bank. ATMs in this set are not considered as devices that are very different from other components of the Bank's information system and have their own unique properties in terms of information security or the availability of information assets and infrastructure and the creation of a threat to information security

IT block: a set of independent structural divisions of the Bank responsible for the development, operation and maintenance of information banking systems.

Confidential information (hereinafter CI): information in respect of which the Bank has established a confidentiality regime.

Curator: Deputy Chairman of the Board of the Bank in charge of the Bank's security issues, including information security issues.

Threat model: a descriptive presentation of the properties or characteristics of information security threats.

Violator model: a descriptive presentation of the experience, knowledge and available resources of potential IS violators that they need to implement an IS threat, and of the possible motivation for their actions.

Responsible subdivision: Security service (department). The main functions in this area are the implementation of this Policy, the development, implementation and support of information security systems.

User of the information system: an individual who has the ability to access the information system of the Bank.

circumstances to increase income, avoid unjustified expenses, maintain a position in the market of goods, works, services or obtain other commercial benefits, and implementing measures to protect the CI, including:

  • determining the list of information that makes up the CI in accordance with the "List of information in respect of which GPB (OJSC) has established a confidentiality regime”, approved by order dated);
  • restricting access to CI by establishing a procedure for handling this information and monitoring compliance with such a procedure;
  • accounting of persons who have gained access to CI, and (or) persons to whom such information was provided or transferred;
  • regulation of relations on the use of CI by employees on the basis of employment contracts and by counterparties on the basis of civil law contracts and agreements.

Information security risk event: an event caused by an operational risk that caused or could cause the Bank's losses and occurred due to an error or failure of banking processes, actions of people and systems, as well as due to external events.

Information security threat: an operational risk affecting the violation of one (or several) properties of information (integrity, confidentiality, availability) of protected objects.

3. Description of the object of protection

The main objects of protection of the information security system in the Bank are:

  • information resources containing trade secrets, bank secrets, personal data of individuals, information of limited distribution, as well as openly distributed information necessary for the operation of the Bank, regardless of the form and type of its presentation;
  • information resources containing confidential information, including personal data of individuals, as well as openly distributed information necessary for the operation of the Bank, regardless of the form and type of its presentation;
  • Bank employees who are developers and users of the Bank's information systems;
  • information infrastructure, including information processing and analysis systems, technical and software tools for its processing, transmission and display, including information exchange and telecommunications channels, information security systems and means, facilities and premises in which such systems are located.

4. Goals and objectives of information security activities

The purpose of the Bank's information security activities is to reduce information security threats to a level acceptable to the Bank.

The main objectives of activities to ensure the information security of the Bank:

  • identifying potential threats to information security and vulnerabilities [1] of protected objects;
  • prevention of information security incidents;
  • exclusion or minimization of identified threats.

5. Threats to information security

The whole set of potential threats to information security is divided into three classes according to the nature of their occurrence: anthropogenic, man-made and natural (natural).

The emergence of anthropogenic threats is caused by human activity. Among them, one can single out threats arising from unintentional (unintentional) actions (threats caused by errors in the design of the information system and its elements, errors in the actions of personnel, etc.) and threats arising from intentional actions associated with mercenary, ideological or other aspirations of people. Anthropogenic threats include threats associated with instability and inconsistency of the requirements of the regulators of the Bank's activities and control bodies, with actions in leadership and management that are inadequate to the goals and prevailing conditions, with consumed services, with the human factor.

objective physical processes of a man-caused nature, the technical state of the environment of the object of threat or itself, not directly caused by human activity. Technogenic threats may include failures, including in operation, or destruction of systems created by man physical environment not directly caused by human activity.

[1] In this document, a vulnerability refers to a weakness in one or more assets that can be exploited by one or more threats (GOST R ISO/IEC, Article 2.26).

2 This classification is carried out regardless of the classification of operational risks by risk factors, provided for by the Operational Risk Management Policy at JSB Gazprombank (CJSC) 25-P dated

Natural (natural) threats include threats of a meteorological, atmospheric, geophysical, geomagnetic nature, etc., including extreme climatic conditions, meteorological phenomena, natural disasters.

Sources of threats to the Bank's infrastructure can be both external and internal.

6. Information security offender model

In relation to the Bank, offenders can be divided into external and internal offenders.

Internal offenders. The Bank considers as potential insiders:

  • registered users of the Bank's information systems;
  • employees of the Bank who are not registered users and are not allowed to access the resources of the Bank's information systems, but who have access to buildings and premises;
  • personnel servicing the technical means of the Bank's corporate information system;
  • employees of independent structural divisions of the Bank involved in the development and maintenance of software;
  • employees of independent structural units ensuring the security of the Bank;
  • leaders of various levels.

External intruders. The following are considered by the Bank as potential external offenders:

  • former employees of the Bank;
  • representatives of organizations interacting on issues of technical support of the Bank;
  • Bank clients;
  • visitors to the buildings and premises of the Bank;
  • credit organizations competing with the Bank;
  • members of criminal organizations, intelligence officers or persons acting on their instructions;
  • persons who accidentally or intentionally penetrated the Bank's corporate information system from external telecommunication networks (hackers).

The following restrictions and assumptions about the nature of their possible actions are accepted with regard to internal and external violators:

  • the violator hides his unauthorized actions from other employees of the Bank;
  • unauthorized actions of the violator may be the result of errors of users, operating and maintenance personnel, as well as shortcomings in the accepted technology for processing, storing and transmitting information;
  • in its activities, a probable intruder can use any available means of intercepting information, influencing information and information systems, adequate financial means to bribe personnel, blackmail, social engineering methods and other means and methods to achieve their goals;
  • an external intruder may act in collusion with an internal intruder.

7. Basic provisions for ensuring information security

7.1. The information security requirements of the Bank are mandatory for all employees of the Bank and users of information systems.

The Bank's management welcomes and encourages, in accordance with the established procedure, the activities of the Bank's employees and users of information systems to ensure information security.

Non-fulfillment or poor-quality performance by the Bank's employees and users of information systems of their obligations to ensure information security may result in the deprivation of access to information systems, as well as the application of administrative measures to those at fault, the degree of which is determined by the procedure established by the Bank or the requirements of the current legislation.

The Bank's strategy in terms of countering information security threats consists in a balanced implementation of complementary security measures: from organizational measures at the level of the Bank's management to specialized information security measures for each risk identified in the Bank, based on an assessment of information security risks.

maintaining a given level of security, the Bank adheres to a process approach in building an information security management system.

The information security management system of the Bank is based on the implementation of the following main processes (planning, implementation and operation of protective measures, verification (monitoring and analysis), improvement) that meet the requirements of the Bank of Russia standard STO BR IBBS 1.0 and the provisions of international standards for ensuring information security. The implementation of these processes is carried out in the form of a continuous cycle of “planning, implementation, verification, improvement, planning”, aimed at continuous improvement of the activities to ensure the information security of the Bank and increase its efficiency.

At all stages of the life cycle, the information security of the Bank is managed in compliance with the regulatory documents that define the processes for managing the operational risks of the Bank.

When planning measures to ensure information security in the Bank, the following is carried out:

  • determining and distributing the roles of the Bank's personnel related to ensuring information security (information security roles);
  • assessing the importance of information assets, taking into account the need to ensure their properties from the point of view of information security;
  • information security risk management, including:
      ◦ analysis of the impact on the information security of the Bank of the technologies used in the activities of the Bank, as well as of events external to the Bank;
      ◦ identification of information security problems, analysis of their causes and forecasting of their development;
      ◦ definition of information security threat models;
      ◦ identification, analysis and assessment of information security threats significant for the Bank;

      ◦ identification of possible negative consequences for the Bank resulting from the manifestation of information security risk factors, including those associated with a violation of the security properties of the Bank's information assets;
      ◦ identification and analysis of information security risk events;
      ◦ assessing the magnitude of information security risks and identifying among them the risks that are unacceptable for the Bank;
      ◦ processing the results of information security risk assessment based on operational risk management methods defined by the Bank;
      ◦ optimization of information security risks through the selection and application of protective measures that counteract the manifestations of risk factors and minimize possible negative consequences for the Bank in the event of risk events;
      ◦ assessment of the impact of protective measures on the objectives of the Bank's core business;
      ◦ assessment of costs for the implementation of protective measures;
      ◦ consideration and evaluation of various options for solving problems to ensure information security;
      ◦ development of risk management plans that provide for various protective measures and options for their application, and the choice of the one whose implementation will have the most positive impact on the objectives of the Bank's core business and will be optimal in terms of costs incurred and the expected effect;
  • documenting the goals and objectives of ensuring the information security of the Bank, maintaining up-to-date regulatory and methodological support for activities in the field of information security.

As part of the implementation of activities to ensure information security, the Bank performs:

  • management of information security incidents, including:
      ◦ collection of information about information security events;
      ◦ identification and analysis of information security incidents;
      ◦ investigation of information security incidents;
      ◦ prompt response to an information security incident;
      ◦ minimizing the negative consequences of information security incidents;
      ◦ prompt communication to the Bank's management of information on the most significant information security incidents and prompt decision-making on them, including regulation of the procedure for responding to information security incidents;
      ◦ implementation of decisions made on all information security incidents in a timely manner;
      ◦ revision of the applicable requirements, measures and mechanisms to ensure information security based on the results of consideration of information security incidents;
  • increasing the level of knowledge of the Bank's personnel in matters of information security;
  • ensuring regulation and management of access to the software, hardware-software tools and services of the Bank's automated systems and to the information processed in them;
  • application of means of cryptographic protection of information;
  • ensuring the uninterrupted operation of automated systems and communication networks;
  • ensuring the resumption of the operation of automated systems and communication networks after interruptions and emergency situations;
  • use of anti-malware tools;
  • ensuring information security at the stages of the life cycle of the Bank's automated systems related to the design, development, acquisition, supply, commissioning, maintenance (after-sales service);
  • ensuring information security when using Internet access and e-mail services;
  • control of access to buildings and premises of the Bank;
  • ensuring the protection of information from leakage through technical channels, including:
      ◦ the use of measures and technical means that reduce the likelihood of unauthorized receipt of information in oral form (passive protection);
      ◦ the use of measures and technical means that interfere with unauthorized receipt of information (active protection);
      ◦ application of measures and technical means that make it possible to identify channels of unauthorized receipt of information (search).

In order to verify information security activities, the Bank performs:

  • control over the correctness of the implementation and operation of protective measures;
  • control of changes in the configuration of systems and subsystems of the Bank;
  • monitoring risk factors [3] and reviewing them accordingly;
  • control over the implementation of, and compliance by the Bank's employees with, the requirements of the current internal regulatory documents to ensure the information security of the Bank;
  • control over the activities of employees and other users of information systems of the Bank, aimed at identifying and preventing conflicts of interest core business of the Bank).

[3] The term “risk factor” is defined in the Operational Risk Management Policy at JSB Gazprombank (CJSC) dated PR.

8. Organizational basis of information security activities

8.1. In order to fulfill the tasks of ensuring the information security of the Bank, in accordance with the recommendations of international and Russian standards on security, the following roles should be defined in the Bank:

  • Curator;
  • Responsible department;
  • Bank employee.

If necessary, other information security roles can be defined.

Operational activities and planning activities to ensure the information security of the Bank are carried out and coordinated by the Responsible Unit. The tasks of the Responsible Unit are:

  • to determine the Bank's needs for the application of information security measures, determined both by internal corporate requirements and by the requirements of regulations;
  • compliance with current federal legislation, regulations of federal executive authorities authorized in the field of security and counteraction to technical intelligence and technical protection of information, regulations of the Bank of Russia and Bank of Russia standards for ensuring information security, regulations for ensuring information security, privacy and non-disclosure adopted by the regulators of the markets where the interests and business of the Bank are represented;
  • development and revision of internal regulatory documents to ensure the information security of the Bank, including plans, policies, regulations, instructions, methods, lists of information and other types of internal regulatory documents;
  • monitoring the relevance and consistency of internal regulatory documents (policies, plans, methods, etc.) affecting the information security of the Bank;
  • training, control and direct work with the Bank's personnel in the field of information security;
  • planning the application of, and participation in the supply and operation of, information security tools for facilities and systems in the Bank;
  • identification and prevention of the implementation of threats to information security;
  • identifying and responding to information security incidents;
  • informing the responsible persons (Department of Analysis and Control of Banking Risks), in accordance with the established procedure, about threats and risk events of information security;
  • forecasting and prevention of information security incidents;
  • suppression of unauthorized actions of violators of information security;
  • maintenance of the database of information security incidents, analysis, development of optimal incident response procedures and personnel training;
  • typification of decisions on the application of measures and means of ensuring information security and dissemination of standard solutions to branches and representative offices of the Bank;
  • ensuring the operation of means and mechanisms for ensuring information security;
  • monitoring and evaluation of information security, including assessment of the completeness and sufficiency of protective measures and activities to ensure the information security of the Bank;
  • control of information security of the Bank, including on the basis of information about information security incidents, the results of monitoring, evaluation and audit of information security;
  • informing the management of the Bank and the heads of its independent structural subdivisions about information security threats affecting the activities of the Bank.

The Responsible Subdivision may create operational groups to conduct investigations of information security incidents, headed by an employee of the Responsible Subdivision, and may, if there is a reasonable need and in agreement with the heads of the relevant subdivisions, involve employees of other independent structural divisions of the Bank to work in them on the basis of combining work in the group with their main official duties.

Funding for the implementation of the provisions of this Policy is carried out both within the target budget of the Bank’s Responsible Division and within the budgets of business divisions and divisions of the IT block.

The main functions of the Curator in matters of information security are: security in the Bank

The main tasks of the Bank's employees in the performance of their duties and as part of their participation in operational activities to ensure the Bank's information security are:

  • compliance with the information security requirements established by the Bank's regulatory documents;
  • identification and prevention of the implementation of threats to information security within their competence;
  • identifying and responding to information security incidents;
  • informing the responsible persons (Department of Analysis and Control of Banking Risks) in accordance with the established procedure about the identified threats and risk events of information security;
  • forecasting and preventing information security incidents within their competence;
  • monitoring and evaluation of information security within their area of work (workplace, structural unit) and within their competence;
  • informing their management and the Responsible Department about the identified threat in the information environment of the Bank.

9. Responsibility for compliance with the provisions of the Policy

General management of information security of the Bank is carried out by the Curator.

Responsibility for keeping the provisions of this Policy up to date, creating, implementing, coordinating and amending the processes of the Bank's information security management system lies with the management of the Responsible Unit.

The responsibility of the Bank's employees for failure to comply with this Policy is determined by the relevant provisions included in contracts with the Bank's employees, as well as the provisions of the Bank's internal regulatory documents.

10. Monitoring compliance with the provisions of the Policy

General control over the state of information security of the Bank is carried out by the Curator.

Current control over compliance with this Policy is carried out by the Responsible Department. Control is carried out by monitoring and managing information security incidents of the Bank, based on the results of an information security assessment, as well as within the framework of other control measures.

The Internal Control Department monitors compliance with this Policy on the basis of an internal audit of information security.

11. Final Provisions

The requirements of this Policy may be developed by other internal regulatory documents of the Bank, which supplement and clarify it otherwise regulations and the Charter of the Bank. In this case, the Responsible Department is obliged to immediately initiate the introduction of appropriate changes.

Changes to this Policy are carried out on a periodic and unscheduled basis:

  • periodic changes to this Policy must be made at least once every 24 months;
  • unscheduled changes to this Policy may be made based on the results of an analysis of information security incidents, the relevance, sufficiency and effectiveness of the information security measures used, the results of internal information security audits and other control measures.

The head of the Responsible Department is responsible for making changes to this Policy.

Responsible executor: Head of the Information Technology Security Division of the Information Security Directorate of the Security Service (Department) A.K. Pleshkov


1 List of tests with description Folder: General tests => Banking tests => INFORMATION SECURITY General tests Banking tests Folder INFORMATION SECURITY Number of tests Demo

APPROVED by the Board of Directors of ING BANK (EURASIA) ZAO Minutes 10-2011 dated December 16, 2011 RUSSIAN ING BANK (EURASIA) ZAO (CLOSED JOINT STOCK COMPANY) Regulations on the organization of risk management

PRIVATE POLICY REGARDING THE PROCESSING OF PERSONAL DATA Bank "Taatta" JSC Yakutsk 2016 Contents 1. General provisions ... 3 2. The concept and composition of personal data ... 3

APPROVED by the Board of Directors of ING BANK (EURASIA) ZAO Minutes 10-2011 dated December 16, 2011 RUSSIAN ING BANK (EURASIA) ZAO (CLOSED JOINT STOCK COMPANY)

Approved by: Decision of the Board Minutes 499 dated "18"07. 2005 Information security policy V.23 Irkutsk 2005 Contents: 1. Introduction..3 2. Scope..3 3. Normative references. 3

FEDERAL SERVICE FOR TECHNICAL AND EXPORT CONTROL (FSTEC of Russia) ORDER February 11, 2013 Moscow 17

APPROVED by Order 06-12OD dated January 25, 2012 Personal data processing policy at Goldman Sachs Bank LLC Moscow 2012 1 INTRODUCTION This Personal Data Processing Policy at Goldman LLC

FEDERAL RAILWAY TRANSPORT AGENCY Ukhta College railway transport- branch of the federal state budgetary educational institution of higher professional

National standard of the Russian Federation GOST R 50922-2006 "Information security. Basic terms and definitions" (approved by order of the Federal Agency for Technical Regulation and Metrology dated December 27

FEDERAL SERVICE FOR TECHNICAL AND EXPORT CONTROL (FSTEC OF RUSSIA) Approved by FSTEC of Russia 2015

APPROVED by order of ",? / /" U / 20 / t. Director M A U D ZH C / IG "Harmony" Yarmolyuk J1.B. on the procedure for organizing and carrying out work on further data in the MAUDOD CDT "Harmony" g and a 1. General provisions

CENTRAL BANK OF THE RUSSIAN FEDERATION LETTER No. 36-T dated March 31, 2008 ON RECOMMENDATIONS ON ORGANIZING THE MANAGEMENT OF RISKS ARISING WHEN CREDIT INSTITUTIONS CARRY OUT OPERATIONS USING

CODE OF PROFESSIONAL ETHICS OF VNESHECONOMBANK CARRYING OUT ACTIVITIES RELATED TO FORMATION AND INVESTMENT OF PENSION SAVINGS 2 CONTENTS I. GENERAL PROVISIONS...3 II. PRINCIPLES OF PROFESSIONAL

Promsvyazbank Open Joint Stock Company U P E R ZH D E N By Order of the President of Promsvyazbank OJSC dated December 24, 2012 245/6 12-67-01 POLICY regarding the processing of personal data (version

2 UDC 347.775(075.8) А19 Peer reviewers: Department of Software for Computer Engineering and Information Security Systems of Kurgan state university; doctor of technical

(As amended by the order of JSC "Rosselkhozbank" dated August 17, 2015 708-OD) JOINT STOCK COMPANY "RUSSIAN AGRICULTURAL BANK" (JSC "ROSselkhozbank") APPROVED by the decision of the Management Board of JSC "Rosselkhozbank" (minutes

REGULATION ON THE INFORMATION POLICY OF OJSC MMC NORILSK NICKEL APPROVED by the decision of the Board of Directors of OJSC MMC Norilsk Nickel Minutes dated May 2009

VII Scientific Conference "Insurance against the challenges of the XXI century", Ridzina, Poland, May 20-22, 2013 REINSURER RISK MANAGEMENT (BY THE EXAMPLE OF TRANSSIBERIAN REINSURANCE CORPORATION JSC, RUSSIA) I.

Sheet 2 Foreword The goals and principles of standardization in the Russian Federation are established by the Federal Law of December 27, 2002 184-FZ "On Technical Regulation" Information about the documented procedure 1

ENTERPRISE STANDARD Environmental management system. Environmental Policy of OAO Irkutskenergo Introduced to replace STP 001.114.112-2007 APPROVED by General Director of OAO Irkutskenergo O. N. Prichko (date)

OPEN JOINT STOCK COMPANY "SBERBANK OF RUSSIA" APPROVED by the general meeting of shareholders of OJSC Sberbank of Russia (Minutes No. 27 dated June 10, 2014) joint-stock company

"APPROVED" General Director V.I. Stefan REGULATIONS ON THE ANTI-CORRUPTION POLICY OF THE OPEN JOINT-STOCK COMPANY "Voronezh Research Institute" Vega "Voronezh 1 Contents 1 Introduction...2

BANK OF RUSSIA STANDARD STO BR IBBS-1.0-2010 INFORMATION SECURITY OF ORGANIZATIONS OF THE BANKING SYSTEM OF THE RUSSIAN FEDERATION GENERAL PROVISIONS Effective date: 2010-06-21 Official publication Moscow

MINISTRY OF EDUCATION AND SCIENCE OF THE RUSSIAN FEDERATION Federal state budgetary educational institution of higher vocational education "Pacific State University"

APPROVED by the Decision of the Board of Directors of AEDC JSC dated December 29, 2014 protocol 15 REGULATION on the CEO of Joint Stock Company "Akmola Electricity Distribution Company" Introduced

BANK OF RUSSIA STANDARDIZATION RECOMMENDATIONS RS BR IBBS-3-200 INFORMATION SECURITY OF ORGANIZATIONS OF THE BANKING SYSTEM OF THE RUSSIAN FEDERATION REQUIREMENTS FOR ENSURING THE SECURITY OF PERSONAL

Report: Regulatory regulation of RBS in Russia Evgeny Tsarev http://www.ruscrypto.ru/conference/ General structure of regulatory documents 161 FZ On the national payment system 115-FZ On counteraction

ADMINISTRATION OF THE CITY OF SMOLENSK RESOLUTION (as amended by resolutions of the Administration of the city of Smolensk dated 12/02/2014 2094, 284-adm dated 12/23/2015, 394-adm dated 12/29/2015) dated 12/30/2010 920-adm

Appendix to Decision 16/4 Draft Conceptual provision on the Unified Center for Security in Cyberspace of the CIS Member States. Information sphere, being a system-forming factor

Requirements GOST R ISO 9001-2008, 8.5.2 Corrective actions The organization shall take corrective actions to eliminate the causes of nonconformities in order to prevent their recurrence.

APPROVED: Chairman of the Board of CJSC "PERVOURALSKBANK" Romanov M.S. 2012 POLICY regarding the processing of Personal Data in CJSC "PERVOURALSKBANK", Pervouralsk 1. INTRODUCTION 1.1 The most important condition

Approved by the decision of the Board of Directors of OAO NOVATEK Minutes 60 dated 15.12.05. NOVATEK CODE OF CORPORATE CONDUCT Moscow 2005 1. INTRODUCTION Under corporate conduct

POLICY FOR PROCESSING PERSONAL DATA AT IDPERSONNEL COMPANY Kazan 2014 www.idpersonnel.ru 1. GENERAL PROVISIONS 1.1. This Policy defines the conditions and procedures for the IDPersonnel Company

APPROVED by the Decision of the Board of Directors of PJSC BANK YUGRA Minutes dated 18.08.2015 18.08.15/1 Chairman of the Board of Directors of PJSC BANK YUGRA A.V. Fomin REGULATIONS ON THE INTERNAL CONTROL SYSTEM OF PJSC BANK YUGRA

CENTRAL BANK OF THE RUSSIAN FEDERATION LETTER No. 49-T dated March 24, 2014 ON RECOMMENDATIONS ON ORGANIZING THE APPLICATION OF MEANS OF PROTECTION AGAINST MALICIOUS CODE WHEN CARRYING OUT BANKING ACTIVITIES In connection with

APPROVED by the Decision of the Board of Directors of WHSD OJSC Minutes 9/2011 dated June 27, 2011 Chairman of the Board of Directors / Yu. V. Molchanov Regulations on Insider Information of the Open Joint Stock Company

Development, operation and certification of information security management systems MS ISO/IEC 27001-2005 Ilya Iosifovich Livshits, senior expert Introduction Alexander Sankov

Environment, Health and Safety Management and Performance Standards Management Standards Management Standard 1: Leadership and Responsibility. In our company

FEDERAL AGENCY FOR TECHNICAL REGULATION AND METROLOGY NATIONAL STANDARD OF THE RUSSIAN FEDERATION GOST R 50922 2006 Information security BASIC TERMS AND DEFINITIONS Official publication BZ 1 2007/378

DEVELOPMENT AND IMPLEMENTATION OF A QUALITY MANAGEMENT SYSTEM MANAGEMENT SYSTEM Any organization has a management system, which is a set of organizational structure, business processes, methods

APPROVED by the decision of the sole shareholder of OJSC EMZ im. V. M. Myasishchev "" June 27, 2011 REGULATIONS ON THE SOLE EXECUTIVE BODY (GENERAL DIRECTOR) of Open Joint Stock Company Experimental

APPROVED by the decision of the Board of Directors of CB "MIA" (JSC) dated 01.03.2016 Minutes 2 INFORMATION POLICY of the Commercial Bank "Moscow Mortgage Agency" (Joint Stock Company) (Version 1) Moscow,

Rules of the Unified Payment and Service System "Universal Electronic Card" Revision 2.2.01 Rules of the Universal Electronic Card Payment System Annex PS-13 Revision 2.2.01 1 CONTENTS Introduction...

PUBLIC JOINT STOCK COMPANY "SBERBANK OF RUSSIA" APPROVED by the Committee of the Trade Union of Employees of Public Joint Stock Company "Sberbank of Russia" Resolution dated 23.10.2015 11 APPROVED by the Supervisory Board

Annex The concept of creating an Integrated Information System for Foreign and Mutual Trade of the Customs Union 2 1. INTRODUCTION... 3 1.1. Purpose and structure of the document... 3 1.2. The general content of the document...

FEDERAL AGENCY FOR TECHNICAL REGULATION AND METROLOGY NATIONAL STANDARD OF THE RUSSIAN FEDERATION GOST R Safety of information geological resources of the subsoil Basic provisions Moscow Standartinform

FOR EDUCATIONAL PURPOSE OPEN JOINT STOCK COMPANY "GAZPROM" STANDARD OF ORGANIZATION Management system QUALITY MANAGEMENT SYSTEM Requirements STO Gazprom 9001-20 Official publication OPEN JOINT STOCK

Approved by the Board of Directors of OAO Far Eastern Energy Company on September 17, 2007 Minutes 23 REGULATIONS on the Internal Audit Service Article 1. General provisions 1.1. This Regulation on

1. GENERAL PROVISIONS 1.1. This Regulation has been developed on the basis of the requirements: federal law of the Russian Federation dated July 27, 2006 152 “On Personal Data”; Federal Law of the Russian Federation

Personal data processing policy of the rosvakant.ru website (for unlimited access, published in accordance with Part 2 of Article 18.1 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data")

APPROVED by the Minutes of the Board of Directors of PJSC PIK Group of Companies dated 3 July 30, 2015 INTERNAL CONTROL AND RISK MANAGEMENT POLICY PJSC PIK GROUP Policy PT1001.0100.006.01-2015

GOVERNMENT OF THE RUSSIAN FEDERATION DECISION No. 781 of November 17, 2007 ON APPROVAL OF THE REGULATION ON ENSURING THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING IN PERSONAL INFORMATION SYSTEMS

STO 003-2016 Ministry of Education and Science of the Russian Federation Federal State Budgetary Educational Institution of Higher Education IRKUTSK NATIONAL RESEARCH TECHNICAL

APPROVED by the decision of the Board of JSC "BaikalInvestBank" Minutes 4394 dated December 31, 2015 CODE OF CORPORATE ETHICS JSC BaikalInvestBank Irkutsk 2015 CONTENTS 1. GENERAL PROVISIONS... 3 2. MISSION OF THE BANK...

Annex 1 to the decision of the Supervisory Board 01/16z dated 12.01.2016 PJSC Leto Bank PROCEDURE for preventing conflicts of interest in PJSC Leto Bank Moscow 2016 Contents Page I. Goals and objectives.3 II. Terms

OPEN JOINT STOCK COMPANY "KRASNODAR REGIONAL INVESTMENT BANK" (JSC "KRAIINVESTBANK") APPROVED BY THE DECISION OF THE BOARD OF DIRECTORS OF OJSC "KRAIINVESTBANK" MINUTES DATED 06/30/2015 10 ANTI-CORRUPTION POLICY

GOVERNMENT OF THE KURGAN REGION DEPARTMENT OF EDUCATION AND SCIENCE OF THE KURGAN REGION ORDER dated ///. 03- Mm6 36 in Kurgan On approval of the Policy for the processing and protection of personal data in the Department of Education

OPEN JOINT STOCK COMPANY "GAZPROM" Management systems Organizational standard QUALITY MANAGEMENT SYSTEMS. REQUIREMENTS STO Gazprom 9001-2012 OFFICIAL PUBLICATION MOSCOW 2014

APPROVED by the Decision of the Board of Directors of Rosneft on January 30, 2015 Minutes of February 02, 2015 20 Entered into force on February 18, 2015 by Order of February 18, 2015 60 COMPANY POLICY

BANK OF RUSSIA STANDARDIZATION RECOMMENDATIONS RS BR IBBS-2.4-2010 INFORMATION SECURITY OF ORGANIZATIONS OF THE BANKING SYSTEM OF THE RUSSIAN FEDERATION INDUSTRY PRIVATE MODEL OF THREATS TO THE SECURITY

Personal data processing policy in Mobilux LLC (for unlimited access, published in accordance with Part 2 of Article 18.1 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data")

1. Introduction The Code of Ethics and Official Conduct of FSUE TsAGI Employees (hereinafter referred to as the Code) establishes rules that provide for ethical values and rules of official conduct for executives

Foreword 1 DEVELOPED by the Department of Standardization and Quality 2 APPROVED AND INTRODUCED INTO EFFECT 3 REPLACEMENT 4 Date of mailing to users By order of the rector of 14.01.16