Throughput and intra-object mode

Pass-through and intra-object regimes are usually established by legal entities whose work is related to information classified as state secret. However, special conditions of work may be envisaged by other firms and institutions. Let's consider further, how the organization of the throughput and intra-object mode is carried out.

General information

Many enterprises provide for an information security system. As its key element is the internal mode. The instruction on its introduction and execution is an obligatory requirement of normative and methodical documents concerning the protection of information and granting the right to conduct works connected with the use of data relating to state secrets. They set the basic requirements for legal entities, equipment and employees.

Intra-site mode: definition

It is a set of measures aimed at preventing:

1. Unauthorized penetration of unauthorized entities into the protected territory and facilities, into office premises, where work is carried out with information constituting state secrets.
2. Visits without the need for regime sites by employees who are not directly related to them, seconded employees who do not have the right to access and work for them.
3. Import / import into the territory of the protected object of technical means. These include, in particular, video, film, photo, sound recording and other equipment.
4. Unauthorized removal / removal from the territory of carriers of confidential information.
5. Violations of the regime and the order of work of regular employees and seconded employees with information constituting state secrets.

Thus, the internal mode is a set of measures, means, rules, the use of which ensures the protection of information from disclosure.

Specificity of the introduction

The organization of the in-house mode involves the development of local regulatory documentation. It is mandatory for all employees of the institution. As a key document is the Provision on in-site and admission mode. It is developed with the participation of competent supervisory bodies, coordinated with authorized state structures and approved by the head of the institution. With this document, all employees of the sites on which the intrabuilding regime is introduced should be familiarized. At the enterprise the sample of rules should be in structure of the standard local documentation at all chiefs of divisions working with the confidential information.

Key areas

Intra-facility regime - these are activities aimed at ensuring the proper level of secrecy in structural units, in the sections and in the office premises of the institution. Among the main areas of work in this area should be noted:

1. Identification of key requirements for employees and protection systems in accordance with the regulations of normative acts and orders of higher state bodies.
2. Restriction of the circle of subjects having access to information classified as state secret and their carriers.
3. Establish rules for the conduct of professional activities of full-time employees and seconded employees.
4. Development of action plans aimed at preventing the leakage of information that constitutes state secrets, as well as the loss of its carriers.
5. Organization of control over the fulfillment of requirements by employees of departments and managers.
6. Drafting of the rules for working with personnel who have access to confidential information, as well as with new employees being accepted into the institution.

Responsible persons

The instruction on the throughput and in-object mode establishes specific tasks to ensure the protection of information. Their implementation, as a rule, is entrusted to the deputy head of the institution, whose competence includes resolving the issues of protecting state secrets. The organization of work on the introduction of the internal facility is carried out on the basis of a thorough and comprehensive analysis of the likely channels of data leakage in the performance of the works provided for in the charter.

Approaches used

Intra-site mode is planned activities. For their development and implementation:

1. The responsibility of the heads of departments and officials is determined.
2. The functions assigned to specific departments (security, security, etc.) are delineated.
3. An effective system is created to monitor the implementation of measures and ensure the safety of information carriers that constitute state secrets.

An Important Moment

The head of the institution and authorized persons are obliged to ensure compliance with key principles, in accordance with which the internal regime regime is established. In particular, the personal responsibility of the heads of departments, other employees for the implementation of tasks in the field of information protection is established. The company develops rules for the integrated use of funds and forces to achieve the set goals. Local regulatory documentation should cover all areas of work of the institution, within which there is a possibility of leakage of confidential data or loss of their carriers.

Basic measures

Instruction for access and in-object mode provides the following procedures:

1. Identify the possible channels of data leakage, which constitute state secrets, the implementation of measures aimed at their closure.
2. Reclassification of information to the category of confidential information, declassification and classification of information, as well as their carriers.
3. Search and study of candidates for appointment to posts that allow access to state secrets, preparation of necessary documentation.
4. Distribution of responsibilities in the field of information security between employees.
5. Establishment of a circle of persons whose competence includes granting permission to familiarize themselves or work with information classified as state secrets.
6. Formation of units authorized to solve tasks to ensure the protection of information.
7. Provision of information to employees, including seconded ones, only to the extent that they need to carry out their professional activities.
8. Ensuring admission and direct access of employees to confidential data and their carriers.
9. Carrying out work among employees whose activities are related to the use of classified information, to clarify requirements, increase vigilance and individual responsibility for the safety of data that they trust.

Additionally

The provision on the in-house mode provides for:

1. Material, technical, financial and other types of securing gostayny.
2. Elimination of information leakage in the publishing and advertising activities of legal entities.
3. Allocate and equip protected premises, ensure access control of employees and visitors in them, prevent unauthorized entry.
4. Implementation of the analysis and development on its basis of predictive (prospective) assessments of the state of the state secrets protection system at the enterprise.
5. Development and approval of regulations and internal regulations.

Duties of the head

Introducing the intrabuilding regime, the director of the institution heads direct activities to ensure the protection of information. He bears individual responsibility for all measures taken. Taking into account the results of the analysis of the state of the data protection system in the enterprise, as well as the performance monitoring indicators of the solution of the relevant tasks, it clarifies the responsibilities of the structural divisions and their employees. The head must:

1. To make high demands on officials and other staff members of the institution, to take the necessary measures to prevent the disclosure of secret data, loss of their carriers. The head has the right to impose penalties on employees who allow negligence and irresponsibility in work.
2. Evaluate the activities of personnel in the field of data protection.
3. To direct work of employees on strict execution of rules.

Activities of the Deputy Director

In the institution where the intrabuilding regime is introduced, the deputy head is responsible for the practical work of the units and personnel to ensure the protection of classified information. The powers of this official include:

1. Direct management of the development of plans and monitoring of their implementation.
2. Identification of the circle of persons having access to secret data.
3. Organization of a systematic analysis of the work of units and staff members, focused on ensuring the protection of information.
4. Establishment and maintenance of strict order in the development, accounting, storage and subsequent destruction of data carriers classified as state secrets.
5. Organization of information protection when using automation tools.
6. Creation of conditions in which intrabuilding will be introduced, keeping records, storing, using and destroying the carriers of secret data.
7. Taking measures to ensure the protection of information when interacting with foreign partners.
8. Conducting personal instruction of members of commissions to verify data carriers that constitute state secrets, their selection and destruction.

Functions of the security unit

This service performs the following tasks:

1. Develops measures aimed at creating conditions in which the intrabuilding regime will be introduced. They are carried out in cooperation with other units of the institution.
2. Preparation of proposals to senior officials to limit the range of subjects admitted to classified information and their carriers.
3. Accounting, storage, timely destruction of information constituting state secrets.
4. Control over the compliance of employees of the company with the procedure for dealing with carriers of classified information.
5. Participation in the development of a set of measures to prevent information leakage in the process of interaction of the institution with foreign partners.
6. Conducting an analysis of the state of measures to protect state secrets and their effectiveness.
7. Participation in compilation of a detailed list of data subject to classification, as well as in the work of commissions on declassification of information.
8. Accounting for violations of the requirements of the established regime, study of the reasons for their admission.
9. Coordination of work of other units in the field of information security.
10. Participation in official investigations during the theft or loss of carriers of sensitive data, as well as in cases of disclosure of such information.
11. Instruction of the staff of the institution having access to confidential information, including those sent abroad, testing knowledge of regulatory requirements relating to the regime of secrecy.

Powers of security service

Employees of the secret-regime department are allowed to:

1. Require all staff to follow established rules.
2. Check the status of the regime in departments and subordinate organizations.
3. Require written explanations from employees for disclosure of confidential information, loss of carriers or for the admission of other violations of established rules.
4. Develop recommendations to the heads of departments concerning the protection of information.
5. Prepare proposals to the management of the enterprise on the prohibition of certain works in the absence of proper conditions for the preservation of state secrets or the involvement of employees who violated the rules, to account.

Security Service

It is formed in enterprises working with several types of confidential information. When it is created, the security service can be part of it. The tasks that it solves can be part of the duties and security units. Among the main tasks of the service should be noted:

1. Organization of confidential record keeping, storage, accounting and timely destruction of materials, including secret information.
2. Ensuring the protection of property and economic security of the enterprise.
3. Protection of the interests of the institution when carrying out foreign trade activities.
4. Monitoring compliance with the requirements of regulatory, methodological, local organizational and administrative documentation.
5. Detection and closing of channels for leakage of classified data.
6. Development of a system of technical and organizational measures regulating the internal facility, establishing control over their implementation.
7. Supervision of the procedure for registration, registration, storage, circulation of forms of certificates, stamps and seals, including individual ones.
8. Development of requirements for protected premises and sites, performance of attestation, installation of necessary equipment and protection systems.
9. Participation in the examination of materials intended for an open publication.
10. Organization and conduct of investigations on the facts of violation of the requirements related to ensuring the protection of confidential information and compliance with the internal facility.
11. Interaction with law enforcement and other state bodies on security issues.

Conclusion

The introduction of an in-house mode at enterprises working with confidential information is the responsibility of the manager. At the same time, proper conditions must be created, the necessary work with personnel is carried out, and responsible persons are identified. All this activity is carried out in accordance with the normative documents. In the local acts of the enterprise the key provisions provided for in the federal legislation regulating the sphere of ensuring the protection of confidential data are reflected. In the institution working with secret information, services should be established whose duties include the development of measures for the protection of information, monitoring of their implementation by all employees who have access to it. A key role in ensuring the protection of confidential information, creating the proper conditions for the introduction of an internal facility in the enterprise belongs to the management apparatus. The director of the enterprise and the persons authorized by him develop the necessary complex of measures in cooperation with competent state structures. They have individual responsibility for compliance with established regulations.