RTK-Solar launched DLP legitimization services in Russian companies

Posted by

Technical protection

RTK-Solar launched services to legitimize the leak protection system (DLP) in Russian organizations. These services will help legally competently formalize the implementation of a DLP system in an organization in order to avoid civil, administrative and criminal liability as a result of using the system.

The use of DLP-systems in the company imposes certain requirements on the process of protection against leaks. First of all, it is the observance of the fundamental constitutional rights of employees and the rights of personal data subjects. It is also necessary to competently organize the process of protecting restricted access information, official, commercial secrets, suppressing signs of corruption and other types of fraud in the company from the point of view of the law. In addition, as a result of the legitimization of the DLP system, data from it can be used as a source of evidence for incidents that have occurred in the company, including in court.

RTK-Solar experts recommend starting the DLP legitimization process even before the start of the implementation project, by defining a list of restricted access information, the procedure for its use, protection and access to it. At the stage of system implementation, the process of legitimization begins with the introduction of rules for the use of computer technology and communications by employees. For example, employees should not use personal email for official purposes, store personal information on corporate devices. Based on the results of the training, employees should understand that corporate (service) communication channels are controlled by default.

The legitimization stage itself assumes that a trade secret regime is introduced in the company, a list of restricted information is determined, a ban on its disclosure is introduced, and responsibility for violating this ban is determined. Employees are notified in writing about automated monitoring of workstations using the DLP system. As a result, the risk of violation of the rights and freedoms of employees is reduced, and it also becomes possible to use DLP system data in litigation as admissible evidence.

Cybersecurity CII: from theory to practice

Data protection

Alexey Kubarev, head of the business development department of the RTK-Solar Dozor product center, said: “We have repeatedly received requests from our customers not only for the technical, but also for the legal implementation of the Solar Dozor DLP system. At the moment, we have provided the DLP legitimization service in several organizations of the public sector and the transport industry. Based on the results of such projects, customers noted that they managed to streamline and systematize the processes of protecting restricted access information, and build an incident response system from scratch. The legitimization of DLP seems to customers to be a complex and confusing process that requires the development and adoption of a whole range of documents in the company that affect various areas and interests of several departments (labor relations, personal data, trade secrets, information resources). Our DLP legal implementation services will help clients navigate the process quickly and successfully.”

Source link

Leave a Reply

Your email address will not be published.