On approval of criteria for risk assessment and checklists in the field of informatization, communication, for compliance with the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature

Updated Unofficial translation

Joint order of the Minister of Digital Development, Defense and Aerospace Industry of the Republic of Kazakhstan dated June 4, 2019 № 114/НҚ and the Minister of National Economy of the Republic of Kazakhstan dated June 6, 2019 № 52. Registered with the Ministry of Justice of the Republic of Kazakhstan on June 7, 2019 № 18805.


      In accordance with paragraph 3 of Article 141 and paragraph 1 of Article 143 of the Entrepreneurial Code of the Republic of Kazakhstan dated October 29, 2015, I HEREBY ORDER:

      1. To approve:

      1) excluded by joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan № 104/NK of 23.05.2023 and the Minister of National Economy of the Republic of Kazakhstan № 76 of 23.05.2023 (shall come into effect upon expiry of ten calendar days after the day of its first official publication);

      2) excluded by joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan № 104/NK of 23.05.2023 and the Minister of National Economy of the Republic of Kazakhstan № 76 of 23.05.2023 (shall come into effect upon expiry of ten calendar days after the day of its first official publication);

      3) Checklist in the field of informatization in accordance with Annex 3 to this Joint order;

      4) Checklist in the field of communications, in accordance with Annex 4 to this Joint order;

      5) Checklist for compliance with the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature in accordance with Annex 5 to this Joint order.

      2. To recognize as terminated:

      1) Joint order of Acting Minister for Investment and Development of the Republic of Kazakhstan dated December 30, 2015 № 1275 and Acting Minister of National Economy of the Republic of Kazakhstan dated December 31, 2015 № 841 “On approval of risk assessment criteria and checklists in the field of information, communication, for compliance with the legislation of the Republic of Kazakhstan on electronic documents and electronic digital signatures” (registered in the Register of State Registration of Normative Legal Acts № 12990, published in the legal information system "Adilet" on February 16, 2016);

      2) Joint order of the Minister of Information and Communications of the Republic of Kazakhstan dated October 31, 2018 № 456 and the Minister of National Economy of the Republic of Kazakhstan dated October 31, 2018 № 40 “On Amending the Joint order of the Acting Minister for Investment and Development of the Republic of Kazakhstan dated December 30, 2015 № 1275 and Acting Minister of the National Economy of the Republic of Kazakhstan dated December 31, 2015 № 841 “On approval of risk assessment criteria and checklists in the field of informatization, communications, compliance with the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature" (registered in the Register of State Registration of Normative Legal Acts № 17675, published in the Reference Control Bank of Regulatory Legal Acts electronically on November 8, 2018).

      3. The Telecommunications Committee of the Ministry of Digital Development, Defense and Aerospace Industry of the Republic of Kazakhstan shall ensure:

      1) state registration of this Joint order with the Ministry of Justice of the Republic of Kazakhstan;

      2) within ten calendar days from the date of the state registration of this order, sending it in both the Kazakh and Russian languages to the Republican State Enterprise on the right of economic management "Republican Center for Legal Information of the Ministry of Justice of the Republic of Kazakhstan" for official publication and placement in the Reference Control Bank of the Regulatory Legal Acts of the Republic of Kazakhstan;

      3) placement of this order on the Internet resource of the Ministry of Digital Development, Defense and Aerospace Industry of the Republic of Kazakhstan;

      4) within ten working days after the state registration of this order, submission to the Department of Legal Services of the Ministry of Digital Development, Defense and Aerospace Industry of the Republic of Kazakhstan of information on the implementation of the measures provided for in subparagraphs 1), 2) and 3) of this paragraph.

      4. The control over the execution of this Joint order shall be assigned to the Supervising Vice Minister of Digital Development, Defense and Aerospace Industry of the Republic of Kazakhstan.

      5. This Joint order shall come into effect upon expiry of ten calendar days after the day of its first official publication.

Minister of Digital
Development, Defense and
Aerospace Industry of the
Republic of Kazakhstan
____________ A. Zhumagaliyev

Minister of National Economy of the
Republic of Kazakhstan
___________ R. Dalenov

 

      “AGREED”
Committee on Legal Statistics
and Special Records of the
General Prosecutor's Office of the
Republic of Kazakhstan

  Annex 1
to the Joint order of the
Minister of Digital Development,
Defense and Aerospace
Industry of the
Republic of Kazakhstan
dated June 4, 2019 № 114/НҚ
and Minister of National Economy
of the Republic of Kazakhstan
dated June 6, 2019 № 52

Criteria for risk assessment in the field of informatization

      Footnote. Annex 1 excluded by joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan № 104/NK of 23.05.2023 and the Minister of National Economy of the Republic of Kazakhstan № 76 of 23.05.2023 (shall come into effect upon expiry of ten calendar days after the day of its first official publication).

  Annex 2
to Joint order of the
Minister of Digital Development,
Defense and Aerospace Industry
of the Republic of Kazakhstan
dated June 4, 2019 № 114/НҚ and
the Minister of National Economy
of the Republic of Kazakhstan
dated June 6, 2019 № 52.

Criteria for risk assessment in the field of communication

      Footnote. Annex 2 excluded by joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan № 104/NK of 23.05.2023 and the Minister of National Economy of the Republic of Kazakhstan № 76 of 23.05.2023 (shall come into effect upon expiry of ten calendar days after the day of its first official publication).

  Annex 3
to the Joint order of the
Minister of Digital Development,
Defense and Aerospace Industry
of the Republic of Kazakhstan
dated June 4, 2019 № 114/НҚ and
the Minister of National Economy
of the Republic of Kazakhstan
dated June 6, 2019 № 52

Checklist in the field of informatisation with regard to state legal entities,
quasi-public sector entities, owners and operators integrated with information
systems of public authorities or intended for the formation of state electronic information
resources, as well as owners and proprietors of critical information and communication
infrastructure facilities, owners and operators of bases containing personal data,
as well as third parties that are not the entity, owner and (or) operator, but are related
to them by circumstances or legal relations on collection, processing and protection
of personal data

      Footnote. Appendix 3 - as amended by the joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated 23.05.2023 № 104/NK and the Minister of National Economy of the Republic of Kazakhstan dated 23.05.2023 № 76 (effective ten calendar days after the date of its first official publication).

      Public authority that ordered the inspection ___________________________

      _____________________________________________________________________

      Act on the assignment of the inspection ______________________________ №, date

      Name of the entity (facility) being inspected_______________________________

      (Individual identification number), business identification number

      entity (facility) being inspected ____________________________________________

      Location address _______________________________________________


List of requirements

Conforms to the requirements

Does not conform to the requirements

1.

observance of the requirement to have original technical documentation in hard copy



2.

adherence to the requirements for preservation, protection, recovery of electronic information resources in case of failure or damage to e-government informatisation objects



3.

adherence to backup requirements and control over timely updating of electronic information resources



4.

observance of the requirement by non-state information systems that integrate with information systems of a public authority, provided that there is an act of acceptance into commercial operation of the IS, an act with a positive result of tests for compliance with information security requirements, expert examination of technical documentation and a certificate of compliance with information security requirements



5.

compliance by the owner and proprietor of information systems with the requirements for the protection of personal data stored in information systems that have received electronic information resources



6.

compliance with the requirements to prevent the use of electronic information resources containing personal data on natural persons in order to cause property and (or) moral damage, restrict the exercise of the rights and freedoms of citizens



7.

observance of the person's right to demand from the owner and (or) the operator, as well as from a third party, the blocking of his/her personal data in case of violation of the conditions of collection and processing of personal data



8.

observance of the person’s rights to demand from the owner and (or) operator, as well as from a third party the destruction of his/her personal data, the collection and processing of which was carried out in violation of the legislation on personal data and their protection



9.

observance of the obligation to provide evidence of obtaining the person’s consent to the collection and processing of his/her personal data



10.

observance of the requirement to have terms of reference agreed with the competent authority and the competent authority responsible for ensuring information security



11.

meeting the requirement for the period of pilot operation not exceeding one year when creating and developing an "e-government" informatisation object;



      Official(s) ____________________________ ______________

      position signature

      __________________________________________________________________

      surname, first name, patronymic (if any)

      Head of the entity being monitored _________________________ ____________

      position signature

      __________________________________________________________________

      surname, first name, patronymic (if any)

  Annex 4
to Joint Order № 114/NK of the
Minister of Digital Development,
Defence and Aerospace Industry
of the Republic of Kazakhstan
of June 4, 2019, and № 52
of the Minister of National Economy
of the Republic of Kazakhstan
of June 6, 2019

Checklist in the field of communications in relation to natural persons,
state legal entities, quasi-public sector entities, telecom operators

      Footnote. Appendix 4 - as amended by the joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated 23.05.2023 № 104/NK and the Minister of National Economy of the Republic of Kazakhstan dated 23.05.2023 № 76 (effective ten calendar days after the date of its first official publication).

      Public authority that ordered the inspection ___________________________

      _____________________________________________________________________

      Act on the assignment of the inspection ________________________________ №, date

      Name of the entity (facility) being controlled _______________________________

      (Individual identification number), business identification number

      of the entity (facility) being controlled ____________________________________________

      Location address _______________________________________________


List of requirements

Conforms to the requirements

Does not conform to the requirements

1

2

3

4

1.

observance of obligations to collect and store proprietary information on subscribers



2.

confirmation of compliance of technical means of communication used on the unified telecommunications network of the Republic of Kazakhstan, radioelectronic means and high-frequency devices that are a source of electromagnetic radiation, technical means of postal communication



3.

adherence to the requirement to ensure the implementation of mobilisation preparedness measures



4.

presence of a licence to provide communication services



5.

permission to use the radio frequency spectrum of the Republic of Kazakhstan



6.

presence of a notification on commencement or termination of activity on provision of communication services



7.

presence of notification on the beginning or termination of operation of radioelectronic means and (or) high-frequency devices



8.

compliance with the obligations to ensure that bodies carrying out operational, investigative and counterintelligence activities on communications networks have organisational and technical capabilities to undertake operational, investigative and counterintelligence activities on all communications networks, and to take measures to prevent the disclosure of the forms and methods of carrying out these activities



9.

observance of the requirement to have an extract from the register of the state system for ensuring the uniformity of measurements of the Republic of Kazakhstan, a copy of valid verification certificates to confirm the availability of the traffic metering system, which must have a system for measuring the duration of connections and a system for measuring data transmission of the telecom operator, entered in the register of the state system for ensuring the uniformity of measurements of the Republic of Kazakhstan



10.

adherence to the requirement that a telecommunications operator, service provider, owner of a departmental telecommunications network, special-purpose telecommunications network, or corporate network uses the allocated numbering resource by over 50 per cent within two years from the date of allocation



11.

observance of the requirement for the recipient to use the numbering resource (codes “DEF” and indices “X1”, “X1X2” in code “DEF” of non-geographically defined numbering zones; codes of operators (X1X2X3/(X1X2X3X4)) providing communication services using service access codes; access numbers “1UV (X1(X2))” to emergency operational, information, inquiry and ordering services; prefixes of long-distance and (or) international communication operators' choices) for more than 6 months within two years from the date of allocation (based on the results of the inspection performed by the competent authority)



12.

meeting the requirement to maintain ground segments and switching nodes, the control centre of which is located in the territory of the Republic of Kazakhstan



13.

compliance with the requirement for redundancy of transport networks by provision of independent bypasses organised along independent geographical routes or replacement by paths (channels) organised in the same transmission lines



14.

observance of the requirement to have transport telecommunications networks (trunk and intrazone communication lines) as part of the telecommunications network of a long-distance and/or international telecommunications operator at the time it is granted the status of a long-distance and/or international telecommunications operator



15.

observance of the requirement to have network nodes on the transport telecommunications networks of a long-distance and/or international telecommunications operator that have at least three transmission outputs (three transmission directions) (two in the direction of its own network and one in the direction of another country's network) for organising international connections to the public telecommunications network of other countries



16.

adherence to the requirement to have at least one point of interconnection of the transport network with the telecommunications networks of foreign telecommunications operators via land lines as part of the telecommunications network of a long-distance and/or international telecommunications operator



17.

observance of the requirement for the independent creation (development) by a long-distance and (or) international telecommunications operator of networks providing universal telecommunications services



18.

availability of a clock network synchronisation system as part of the telecommunications network of a long-distance and/or international telecommunications operator at the time of assigning the status of a long-distance and/or international telecommunications operator to it



19.

meeting the requirement to have long-distance and (or) international switching stations in the telecommunications network of a long-distance and (or) international telecommunications operator at the time of assigning the status of long-distance and (or) international telecommunications operator to it



20.

presence in the telecommunications network of the long-distance and (or) international telecommunications operator of systems to ensure functioning - management system and technical operation system



21.

observance of the requirement to cover the territory of at least six regions (geographical numbering zones), Astana and Almaty cities with telecommunications networks of the long-distance and/or international telecommunications operator



22.

observance of the requirement that international switching centres of a long-distance and/or international operator shall be connected with at least two international switching centres of other long-distance and/or international operators, and all automatic long-distance telephone exchanges shall be connected with at least two international switching centres



23.

meeting the requirement to have a list of qualified technical managers and specialists with appropriate education and at least three years of practical work experience in their speciality, copies of diplomas, employment orders, copies of labour books or employment contracts, diploma or certificates of completion of training and advanced training courses in the field of communications to confirm the qualified composition of technical managers and specialists



24.

adherence to the requirement to have a copy of the applicant's constituent documents and the register of securities holders (partnership participants) to confirm information on the distribution of shareholdings (participatory interests in the authorised capital) among shareholders (participants)



25.

compliance of the technical characteristics and operating conditions of radio-electronic means and high-frequency devices with the requirements set out in the authorisation to use the radio-frequency spectrum of the Republic of Kazakhstan and the notification on the commencement or termination of operation of radio-electronic means and (or) high-frequency devices



26.

fulfilment of obligations to provide users with communication services that correspond in quality to standards, technical norms, terms and conditions of the contract for the provision of communication services, quality indicators of communication services



27.

observance of the requirement for telecom operators to provide subscribers with free connections



28.

adherence to the requirement for the telecom operator to notify the subscriber of the cost of the connection in case of intellectual services (lottery, voting, TV quizzes, quizzes, reference and information services, dating services) prior to the commencement of a tariffed connection



29.

meeting the requirement to set up an information and reference service system to ensure that subscribers are provided with information related to the provision of cellular communication services



30.

compliance with the obligation to automatically record information on the cellular communication services received by the subscriber in the network of the telecom operator, the time of their use, connections with telephone numbers of subscribers of other networks of similar standard



31.

observance of the requirement to establish a limit on sending to subscribers at night (from 10 p.m. to 6 a.m.) information (promotional mailings) by means of short text messages and/or multimedia messages not previously requested by the subscriber (for mobile operators)



32.

complying with the requirement to prevent the telecom operator from imposing other paid services on subscribers when providing them with telephone services



33.

observance of the requirement to take measures to restore the quality of telephone services and recalculate the subscription fee within three calendar days from the date of submission by the subscriber of an application on deterioration in the quality of telephone services



34.

observance of the requirement to recalculate the subscriber fee for the period of actual inactivity of the subscriber's device due to the absence of communication through the fault of the telecom operator



35.

fulfilment of the requirement to inform the subscriber of failures on the telephone network and the expected timeframe for elimination of such failures



36.

adherence to the requirement to notify the subscriber 30 calendar days in advance of replacing the subscriber number and (or) disconnecting the terminal, specifying the reasons for this



37.

compliance with the requirement to change the terms and conditions of the tariff for telecommunications services with the subscriber's consent by notifying the subscriber no later than 30 calendar days prior to their implementation



38.

observance of the requirement to resume access to communication services disconnected for late payment within twenty-four hours from the moment of debt repayment (from the moment of receipt of confirmation of payment from the subscriber or submission by the subscriber of documents confirming the liquidation of debt for payment of communication services for mobile operators and Internet access services)



39.

adherence to the requirement to prevent the telecom operator from restricting the rights of a subscriber/user when rendering telecom services to him/her in case he/she fails to fulfil the conditions for receiving another service



40.

existence of a public agreement on provision of communication services between the telecom operator and the subscriber



41.

meeting the requirement to maintain a register of identification codes of subscriber devices operating in their network (for mobile operators)



42.

observance of the requirement to suspend or resume, by identification code, the operation of a subscriber device in its network at the request of the owner of the subscriber device (for mobile operators)



43.

observance of the requirement to inform subscribers on preventive maintenance of communication equipment associated with its partial or complete shutdown and on the timing of such works three calendar days prior to the commencement of such works (for cellular operators)



44.

compliance with the requirement to ensure the possibility to monitor the balance of money on the current account in a round-the-clock mode



45.

observing the requirement to return to the subscriber overpaid monetary funds for rendered communication services or counting them, with the consent of the subscriber, as advance payment for communication services



46.

adherence to the requirement to prevent a telecom operator from refusing to conclude an agreement on the provision of telecom services if technically possible



47.

meeting the requirement to replace subscriber numbers free of charge at the initiative of the telecom operator due to commissioning of new automatic telephone exchanges and reconstruction of local telephone networks with prior notification of users



48.

compliance with the terms and conditions of the credit method of payment for communication services



49.

adherence to the terms and conditions of the advance method of payment for communication services



50.

adherence to the requirement to prevent the dominant telecommunications operator from refusing to conclude an interconnection agreement or the establishment by the dominant telecommunications operator of knowingly restrictive conditions for connection or laying of communication lines



51.

observing the deadlines for the connection of telecommunications networks to the public telecommunications network



52.

compliance by telecommunications operators with the levels of interconnection of telecommunications networks, including traffic flow and settlement procedures



53.

observance of the requirement to have an electronic user log, containing the surname, first name and patronymic (if any) of the user, the time of the commencement and termination of work on the Internet, the number of the owner's computer on which the user worked (in cases where there is no cellular communication in settlements)



54.

adherence to the requirement that a telecom operator does not provide access to information prohibited by an enforceable court judgement or laws of the Republic of Kazakhstan



55.

compliance with the requirement to prohibit spoofing of network addresses



56.

fulfilment by the cellular operator of the obligation to furnish the operator of the centralised database of subscriber numbers with information on cellular subscriber numbers



57.

provision of communication services by a telecommunications operator and (or) owner of a communication network, as well as distribution of subscriber numbers by a representative of a telecommunications operator without concluding a relevant agreement on the provision of communication services



58.

fulfilment by the cellular operator of its obligations to provide communication services to settlements and (or) territories listed in the permit to use the radio frequency spectrum of the Republic of Kazakhstan



59.

failure to use the radio frequency spectrum for one year



60.

fulfilment of the cellular operator's obligation to ensure the portability of subscriber numbers in cellular networks and their timing



61.

existence of a document confirming the payment to the state budget of the fee for the use of the radio frequency spectrum of the Republic of Kazakhstan



62.

observance of the requirement that the right to temporarily or permanently use assigned frequency bands, radio frequencies (radio frequency channels) may not be transferred to other individuals or legal entities.



63.

observance of the postal operator's requirements for the placement of mailboxes and the removal of postal items from them



64.

complying with the requirement for mailboxes to have the postal operator's logo, assigned number, frequency and time of mail removal (start of the first and last removal)



65.

observing the requirement to have the postal operator's logo on rural mailboxes, the number assigned, the time of retrieval, and the days on which retrieval is not done



66.

meeting the requirement to have a sign at the entrance to the postal operator's production facilities stating the name of the production facility and the mode of operation, including a posted notice in production facilities located in cities and operating on a rolling schedule, with a lunch break or with a day off on the location and mode of operation of the nearest production facility providing services on a different schedule or without days off with the text of the sign and notice in the Kazakh and Russian languages.



67.

meeting the requirement for information material to be prominently displayed and accessible to users of the postal operator's services in the operating room of the postal operator's production facility.



68.

compliance with the requirements to provide the postal operator's production facilities with their own nominal devices



69.

observation by postal operators of the requirements for the use of technical means and equipment on postal networks to enable the detection of prohibited items and substances in postal items without opening them.



70.

compliance with obligations to ensure that authorities engaged in operational, investigative and counterintelligence activities on communication networks have access to proprietary information on subscribers, and to take measures to prevent disclosure of forms and methods of operational, investigative and counterintelligence activities



71.

fulfilment of obligations to ensure the functions of its telecommunication equipment for the technical conduct of operational-search, counterintelligence activities in line with the requirements for networks and means of communication



72.

adherence by subscribers to the procedure for operating cellular signal amplifiers (repeaters, active repeaters) in cellular networks



      Official(s) _________________________________ ____________

      position signature

      _____________________________________________________________________

      surname, first name, patronymic (if any)

      Head of the entity being monitored ___________________________ _____________

      position signature

      _____________________________________________________________________

      surname, first name, patronymic (if any)

  Annex 5
to Joint Order № 114/NK of the
Minister of Digital Development,
Defence and Aerospace Industry
of the Republic of Kazakhstan
of June 4, 2019, and № 52
of the Minister of National Economy
of the Republic of Kazakhstan
of June 6, 2019

Checklist for observance of the legislation of the Republic of Kazakhstan on electronic
document and electronic digital signature in respect of state legal entities, quasi-public sector
entities, owners and operators integrated with information systems of public authorities
or intended for formation of state electronic information resources, as well as owners and
proprietors of critical information and communication infrastructure objects

      Footnote. Appendix 5 - as amended by the joint order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated 23.05.2023 № 104/NK and the Minister of National Economy of the Republic of Kazakhstan dated 23.05.2023 № 76 (effective ten calendar days after the date of its first official publication).

      Public authority that ordered the inspection ___________________________

      _____________________________________________________________________

      Act on the assignment of the inspection ___________________________________№, date

      Name of the entity (facility) under monitoring _______________________________

      (Individual identification number), business identification number

      of the entity (facility) under monitoring ____________________________________________

      Location address _______________________________________________


List of requirements

Conforms to the requirements

Does not conform to the requirements

1.

observance of the requirement to prevent refusals to accept electronic documents



2.

ensuring that the certification centre protects data of the holders of registration certificates



3.

taking measures by the owner of the registration certificate to protect the private key of the electronic digital signature belonging to it from unlawful access and use, as well as to store the public keys



4.

adherence to the requirement to prohibit the transfer of the private key of the electronic digital signature to other persons



      Official(s) ____________________________ ____________

      position signature

      ________________________________________________________________

      surname, first name, patronymic (if any)

      Head of the entity being monitored _____________________ ______________

      position signature

      ________________________________________________________________

      surname, first name, patronymic (if any)
