The Russian pharmaceutical market is growing: in 2022, its volume increased by 12% to 2.57 trillion rubles. 544 organizations have a license to produce medicines in the Russian Federation, and more than 70 thousand pharmacies sell pharmaceutical products, according to the Pharma-2030 strategy approved by the Russian government.
According to Federal Law No. 187-FZ “On the Security of Critical Information Infrastructure of the Russian Federation”, subjects of critical information infrastructure are legal entities, commercial organizations, and government agencies that use information resources on the basis of ownership or lease.
As Kept Senior Consultant Evgeny Sadkov noted in his speech at the webinar, in a pharmaceutical company, this could be automated production management systems, business processes, as well as a corporate network.
If an organization has such systems and operates in the areas of healthcare, science and the chemical industry, it is a subject of critical information infrastructure, he emphasized.
– We are guided by the recommendations of the FSTEC of Russia, where it is proposed to use the company's constituent documents, information from OKVED and licenses for activities as initial data for determining the scope. Based on this, in healthcare, critical information infrastructure includes such processes and systems, the violation of which can lead to damage to human life and health.
Pharmaceutical companies collect, process and store huge amounts of data about their employees, interns, clients, patients and contractors, Kept manager Roman Martinson noted at the webinar. According to him, in everyday life, people, or personal data subjects, generate large amounts of personal data and share them with government agencies, companies and other people.
Roman Martinson, Kept:
– Among other things, pharmaceutical industry organizations process special personal data – information that reveals essential information about an individual: race, nationality, health status, biometric and genetic data.
Although clinical trials use anonymized data, it is important to remember that personal data is a set of information about a person by which his identity can be determined.
Moreover, Roskomnadzor believes that anonymized information still remains personal data, since it characterizes a person.
In addition, employee fingerprints, which are used to access premises or to operate equipment, are biometric data.
ATTENTION TO PROCESSES
To understand what needs to be protected, it is necessary to conduct an inventory of digital systems and identify processes in the company's activities that require special attention. "Based on the results of the process inventory, we must understand where and what data is transferred, where it is stored and which of these processes are especially important and critical," Roman Martinson emphasized.
According to Evgeny Sadkov, in order to bring these processes into compliance with the requirements of the legislation on critical information infrastructure, it is necessary to:
analyze the organizational structure of the company, meet with department heads;
identify business processes that are unique to the unit;
conduct an inventory of software, servers and local networks;
understand from whom the data is received and to whom it is transmitted.
Evgeny Sadkov, Kept:
– Meetings with managers must be documented in the form of a protocol. It is also necessary to analyze the processes of transferring personal data to third parties and determine their status. Each process requires a description of the categories of data being processed and who they belong to, as well as the flows and volume of information being transferred.