To host personal data (PD) and PD systems in compliance with Federal Law 152-FZ, CROC Cloud Services offers either IaaS in a protected segment of its cloud or HaaS.
Here, personal data means any information related, directly or indirectly, to a particular individual, while a personal data information system means a set of information technologies and tools installed in relevant databases and used to process personal data, such as mail systems, directory services (e.g., Microsoft Active Directory, Novell eDirectory), business apps, etc.
Personal data classification
Personal data is assigned a certain protection level (from 1 to 4) depending on data category, number of personal data subjects whose details are stored and processed by an operator, and relevant threats.
Category-specific protection model
CROC Cloud Services protects personal data of all protection levels by offering IaaS in a protected segment of CROC's cloud (protection levels 3 and 4) or HaaS with an extended set of security means, including hardware (protection levels 1 and 2).
Protected segment of CROC's cloud in detail
To protect personal data using IaaS, CROC Cloud Services employs a virtualization platform certified to process personal data of up to protection level 3 and confidentiality level 3 and provides individual protection for each customer's personal data information system. The above covers all technical and organizational protection measures required for personal data storage.
Technical protection tools certified by FSTEC and FSB and ensuring the target protection level:
- Virtualization protection tools
- Communication channel cryptoprotection
- Intrusion detection
- Unauthorized access protection
- Security assessment
- Trusted boot hardware-and-software modules
All the above is required by Russian law for storing and processing personal data in cloud infrastructure.
Document and certification assistance
CROC Cloud Services develops private threat models and sets of regulatory documents and guidelines compliant with Federal Law 152-FZ "On Personal Data":
- Personal data security regulation
- Design documentation
- Instructions and rules
- Subject's consent
We also assist in obtaining certificates of personal data system compliance with the required protection level.