Get a demo
I hereby consent to the processing of my personal data specified herein by CROC, for the purposes and within the scope set forth by the Personal Data Protection legislation of the Russian Federation, in conjunction with the activities performed and for an indefinite term.
Solution of interest
Get a quote
I hereby consent to the processing of my personal data specified herein by CROC, for the purposes and within the scope set forth by the Personal Data Protection legislation of the Russian Federation, in conjunction with the activities performed and for an indefinite term.
Solution of interest
Try for free
I hereby consent to the processing of my personal data specified herein by CROC, for the purposes and within the scope set forth by the Personal Data Protection legislation of the Russian Federation, in conjunction with the activities performed and for an indefinite term.
Solution of interest

Cloud Certified for Compliance with Personal Data Protection Law ( (152-FZ)

To host personal data (PD) and PD systems in compliance with Federal Law 152-FZ, CROC Cloud Services offers either IaaS in a protected segment of its cloud or HaaS.

Here, personal data means any information related, directly or indirectly, to a particular individual, while personal data information system means a set of information technologies and tools installed in relevant databases and used to process personal data, like mail systems, directory services (e.g., Microsoft Active Directory, Novell eDirectory), business apps, etc.

Personal data classification

Personal data is assigned a certain protection level (from 1 to 4) depending on data category, number of personal data subjects whose details are stored and processed by an operator, and relevant threats.


croc-cloud-schems20_2_eng-01.png

Category-specific protection model

CROC Cloud Services protects personal data of all protection levels by offering IaaS in a protected segment of CROC's cloud (protection levels 3 and 4) or HaaS with an extended set of security means, including hardware (protection levels 1 and 2).


croc-cloud-schems20_2_eng-02.png

Protected segment of CROC's Cloud In Detail

To protect personal data using IaaS, CROC Cloud Services employs a virtualization platform certified to process personal data of up to protection level 3 and confidentiality level 3 and provides individual protection for each customer's personal data information system. The above covers all technical and organizational protection measures required for personal data storage.


croc-cloud-schems20_1_eng-01.png

Technical protection tools certified by FSTEC and FSB and ensuring the target protection level:

  • Virtualization protection tools
  • Firewall
  • Communication channel cryptoprotection
  • Intrusion detection
  • Antivirus
  • Unauthorized access protection
  • Security assessment
  • Trusted load hardware-and-software modules

All the above is required by Russian law for storing and processing personal data in cloud infrastructure.

Document and certification assistance

CROC Cloud Services develops private threat models and sets of regulatory documents and guidelines compliant with Federal Law 152-FZ "On Personal Data":

  • Personal data security regulation
  • Design documentation
  • Plans
  • Instructions and rules
  • Orders
  • Acts
  • Subject's consent

We also assist in obtaining certificates of personal data system compliance with the required protection level.

See also

  1. Security
  2. Infrastructure Services
  3. Private Cloud
  4. CROC Cloud services on Cisco technologies
  5. CROC's proprietary cloud platform
  6. Technology vendors