9.1. When processing personal data, the Organization takes the necessary legal, organizational and technical measures to protect personal data from accidental or unauthorized access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.
9.2. Ensuring the security of personal data is achieved in particular:
by development of a Policy on the processing of personal data in the Organization, as well as other internal documents on the processing of personal data;
by familiarization of the employees of the Organization, who directly process personal data, with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Policy regarding the processing of personal data, as well as other internal documents of the Organization on personal data processing;
by the use of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems necessary to ensure the appropriate levels of protection established by Decree of the Government of the Russian Federation No. 1119 as of November 1, 2012;
by application of the procedure for assessing the compliance of information security tools in accordance with the established procedure;
by evaluating the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
by taking into account personal data storage media;
by detection of facts of unauthorized access to personal data and taking necessary measures;
by restoration of personal data modified or destroyed due to unauthorized access to them;
by establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
by control over measures taken to ensure the security of personal data and the level of security of the personal data information system.
9.3. In order to monitor compliance with the requirements of the legislation of the Russian Federation and coordinate actions to ensure the security of personal data, the Director General appointed a person by his order being responsible for organizing the processing of personal data in the Organization.
