
Chapter 1. General Provisions

1. “National payment corporation of the National Bank of the Republic of Kazakhstan” (hereinafter – NPC) is a legal entity, an organization of the republican state institution “National Bank of the Republic of Kazakhstan” in the form of a republican state enterprise on the basis of the right of economic management, the main purpose of which is to conduct interbank payments and money transfers and interbank clearing in accordance with the legislation of the Republic of Kazakhstan. The activity of the NPC consists in providing services, is associated with the processing and storage of information, which is an important information asset, and requires information security, which is understood as ensuring the availability, integrity and confidentiality of information.

2. This Information Security Policy of the NPC (hereinafter – the Policy) has been developed in accordance with the Requirements for ensuring information security of banks and organizations engaged in certain types of banking operations, approved by the Resolution of the Board of the National Bank of the Republic of Kazakhstan dated March 27, 2018 No. 48, the legislation of the Republic of Kazakhstan in the field of information security and the international standard ISO/IEC 27001 “Information technology. Security methods. Information security management systems. Requirements”.

3. The management of the NPC recognizes the importance of information security and manages it, providing the necessary conditions for the development and improvement of measures and means of protecting information assets in the context of threats to information security and the development of legislation and regulation of the activities of the NPC.

Chapter 2. Purpose

4. The purpose of this Policy is to determine a unified approach to ensuring information security in the NPC, aimed at organizing the protection of information regardless of the form and place of its processing and storage or the means of its processing.

Chapter 3. General provisions and scope

5. To achieve the goal of this Policy, the NPC is implementing an information security management system (hereinafter – ISMS), which will make it possible to:

  • guarantee the sufficiency of measures and the continuity of protection of information assets of the NPC from threats to information security;
  • maintain a structured and comprehensive system for identifying and assessing information security risks, selecting and applying appropriate means of protection, management, measurement and improvement of their effectiveness;
  • conduct a comprehensive analysis of information about information security incidents;
  • continuously improve the control environment;
  • comply with legal and regulatory requirements.

6. In the NPC, the choice of means and measures for protecting information assets in order to minimize possible losses is based on the identification and assessment of information security risks.
7. The scope of the ISMS extends to the provision of services to users of payment systems in accordance with the legislation of the Republic of Kazakhstan at the addresses: Republic of Kazakhstan, Almaty, Koktem-3 microdistrict, building 21; Satpayev St., 30/8; Tashkentskaya St., 511; and Suyunbay Avenue, 89.
8. Employees of the NPC responsible for organizing and implementing measures to ensure information security and processes for processing and storing information regularly undergo appropriate training in the field of information security.

Chapter 4. Responsibility and control

9. The management of the NPC carries out general control and is personally responsible for the fulfillment of the goals and main provisions of this Policy, including the provision of the necessary conditions and resources to achieve the goals of this Policy, and also undertakes obligations to continuously improve and fulfill the applicable ISMS requirements.
10. Information security management in day-to-day activities is assigned to the head of the security department, who is personally responsible for the implementation of this Policy, as well as for continuous monitoring of compliance with the requirements and information security measures established by the NPC.
11. All NPC employees are personally liable for violation of and/or non-compliance with the established requirements and measures for the protection of information and means of its processing, and are obliged to report all identified violations and incidents to the department responsible for ensuring security.
12. The job descriptions of all employees of the NPC must contain requirements for ensuring and observing information security.

Chapter 5. Other provisions

13. The Policy is subject to annual revision and, in case of significant changes in the activities of the NPC or in the requirements of the legislation of the Republic of Kazakhstan or regulatory bodies affecting the ISMS, to immediate revision.
14. The Policy is a publicly available document and is posted on the official website of the NPC.

Approved Information Security Policy of the RSE “NPC NB RK”