Throughput and intraobject mode

Access and intraobjective regimes are usually established by legal entities whose work is connected with information classified as state secrets. Along with this, special working conditions may be provided by other firms and institutions. Let us further consider how the organization of access control and intraobject mode is implemented.

General information

Many enterprises provide an information security system. Its key element is the intraobject mode. Instructions for its introduction and execution - a mandatory requirement of regulatory and methodological documents relating to the protection of information and providing the right to carry out work related to the use of data related to state secrets. They establish the basic requirements for legal entities, equipment and employees.

Intra-Object Mode: Definition

It is a set of measures aimed at preventing:

1. Unauthorized penetration of unauthorized entities into the protected territory and objects, into office premises, in which work is carried out with information constituting state secrets.
2. Visits without the need for sensitive sites by employees who are not directly related to them, seconded by employees who do not have the right to access and work on them.
3. Import / import into the territory of the protected facility of technical equipment. These include, in particular, video, film, photo, sound recording and other equipment.
4. Unauthorized removal / removal from the territory of carriers of confidential information.
5. Violations of the regime and working procedures of regular employees and business travelers with information constituting state secrets.

Thus, the intra-object mode is a set of measures, means, rules, the use of which protects information from disclosure.

Introduction specifics

The organization of the intra-object regime involves the development of local regulatory documentation. It is mandatory for all employees of the institution. The key document is the Regulation on the intra-facility and access control. It is developed with the participation of competent supervisory authorities, agreed with authorized government agencies and approved by the head of the institution. This document should be familiarized to all employees of the plots in which the intraobjective regime is introduced. At the enterprise, a sample of the rules should be part of the regulatory local documentation for all the heads of departments working with confidential information.

Key areas

Intraobjective regime - these are activities aimed at ensuring an appropriate level of secrecy in structural units, at sites and in the office premises of an institution. Among the main areas of work in this area should be noted:

1. Identification of key requirements for employees and protection systems in accordance with the requirements of normative acts and orders of higher state bodies.
2. Limitation of the circle of subjects having access to information classified as state secret and their carriers.
3. Establishment of the rules for the professional activities of full-time employees and business travelers.
4. Development of action plans aimed at preventing cases of leakage of information constituting state secrets, as well as the loss of its carriers.
5. Organization of control over the fulfillment of requirements by employees of departments and decision makers.
6. Drawing up rules for working with personnel with access to confidential information, as well as with new employees being accepted into the institution.

Responsible persons

The instruction on access control and intra-object mode sets specific tasks for ensuring information security. Their implementation, as a rule, is assigned to the deputy head of the institution, whose competence includes the solution of issues of state secrets protection. Organization of work on the introduction of an intra-object mode is carried out on the basis of a deep and comprehensive analysis of the likely channels of data leakage when performing the work stipulated by the charter.

Approaches Used

Intraobjective mode - these are planned activities. For their development and implementation:

1. The responsibility of the heads of departments and officials is determined.
2. The functions assigned to specific departments (security service, security, etc.) are differentiated.
3. An effective system is being created to monitor the implementation of measures and ensure the preservation of the media of information constituting state secrets.

Important point

The head of the institution and authorized persons are obliged to ensure compliance with the key principles in accordance with which an intra-facility regime is established. In particular, the personal responsibility of the heads of departments, other employees for the implementation of tasks in the field of information protection is established. The company is developing rules for the integrated use of means and forces to achieve the goals. Local regulatory documentation should cover all areas of the institution, within which there is a possibility of leakage of confidential data or loss of their media.

Main measures

The instruction for access control and intraobject mode provides the following procedures:

1. Identification of probable channels of data leakage constituting state secrets, implementation of measures aimed at closing them.
2. Classification of information as confidential information, declassification and classification of information, as well as their carriers.
3. Search and study of candidates for appointment to positions involving access to state secrets, preparation of necessary documentation.
4. Distribution of duties in the field of information security between employees.
5. Establishment of a circle of persons whose competence includes the provision of permissions to familiarize or work with information related to state secrets.
   
6. Formation of units authorized to solve tasks to ensure the protection of information.
7. Providing employees, including business travelers, with information only to the extent that they need to carry out their professional activities.
8. Ensuring access and direct access of employees to confidential data and their media.
9. Carrying out work among employees whose activities involve the use of classified information to clarify requirements, increase vigilance and individual responsibility for the safety of data that they trust.

Additionally

The provision on intraobjective regime provides:

1. Material, technical, financial and other types of securing state secrets.
2. Exclusion of information leakage during the publishing and advertising activities of a legal entity.
3. Allocation and equipping of protected premises, ensuring access control for employees and visitors to them, preventing unauthorized entry.
4. Implementation of the analysis and development on its basis of predictive (prospective) assessments of the state of the state security system at the enterprise.
5. Development and approval of regulations and internal regulations.
   

Manager Responsibilities

Introducing an intra-facility regime, the director of the institution leads direct activities to ensure the protection of information. He is individually responsible for all measures taken. Taking into account the results of the analysis of the state of the data protection system at the enterprise, as well as performance indicators for monitoring the performance of relevant tasks, it clarifies the responsibilities of structural units and their employees. The manager must:

1. Make high demands on officials and other staff members of the institution, take the necessary measures to prevent the disclosure of classified data, the loss of their media. The head has the right to impose penalties on employees who allow negligence and irresponsibility in the work.
2. Evaluate the activities of personnel in the field of data protection.
3. To direct the work of employees to the strict implementation of the rules.

Activities of the Deputy Director

In the institution where the intra-object regime is introduced, the deputy chief is responsible for the practical work of units and personnel to ensure the protection of classified information. The powers of this officer include:

1. Direct management of the development of plans and monitoring their implementation.
2. Definition of the circle of persons having access to classified data.
3. Organization of a systematic analysis of the work of units and full-time employees, focused on ensuring the protection of information.
4. Establishing and maintaining a strict order in the development, accounting, storage and subsequent destruction of data carriers classified as state secrets.
   
5. Organization of information security when using automation tools.
6. Creation of conditions in which the intraobject mode will be introduced, records, storage, use and destruction of classified data carriers will be kept.
7. Taking measures to ensure the protection of information when interacting with foreign partners.
8. Conducting personal briefing of members of the commissions on the verification of the storage media constituting state secrets, their selection and destruction.

Security Unit Functions

This service implements the following tasks:

1. It develops measures aimed at creating conditions in which an intra-object regime will be introduced. They are carried out in collaboration with other departments of the institution.
2. Preparation of proposals to senior officials to limit the range of subjects allowed to classified information and their carriers.
3. Accounting, storage, timely destruction of information constituting state secrets.
4. Monitoring compliance by employees of the enterprise with the procedure for handling classified information carriers.
5. Participation in the development of a set of measures to prevent information leakage in the process of interaction between the institution and foreign partners.
6. Conducting an analysis of the state of state security measures and their effectiveness.
7. Participation in the compilation of an expanded list of data subject to classification, as well as in the work of commissions for declassifying information.
8. Accounting for violations of the requirements of the established regime, the study of the reasons for their admission.
   
9. Coordination of the work of other departments in the field of information security.
10. Participation in official investigations during the theft or loss of classified data carriers, as well as in cases of disclosure of such information.
11. Instructing employees of the institution who have access to confidential information, including business travelers abroad, testing knowledge of regulatory requirements regarding the privacy regime.

Security Authority

Secret service personnel are allowed to:

1. Require all full-time employees to comply with established rules.
2. Carry out checks on the status of the regime in units and subordinate organizations.
3. Require written explanations from employees in the disclosure of confidential information, loss of media or other violations of established rules.
4. To develop recommendations for the heads of departments regarding the protection of information.
5. To prepare proposals to the management of the enterprise on the prohibition of certain works in the absence of appropriate conditions for maintaining state secrets or on bringing employees who violate the rules to responsibility.

Security Service

It is formed at enterprises working with several types of confidential information. When it is created, the security service may be part of it. The tasks that it solves may be part of the responsibilities and security units. Among the main tasks of the service should be noted:

1. Organization of confidential records management, storage, accounting and timely destruction of materials, including classified information.
2. Ensuring the protection of property and economic security of the enterprise.
3. Protection of the interests of the institution in the implementation of foreign trade.
4. Monitoring compliance with regulatory, methodological, local organizational and administrative documentation.
5. Detection and closing of secret data leakage channels.
6. Development of a system of technical and organizational measures governing the intraobjective regime, establishing control over their implementation.
7. Supervision of the procedure for registration, accounting, storage, circulation of forms of certificates, stamps and seals, including individual ones.
8. Development of requirements for guarded premises and areas, certification, installation of necessary equipment and protection systems.
9. Participation in the examination of materials intended for open publication.
10. Organization and conduct of investigations into the facts of violation of requirements related to ensuring the protection of confidential information and compliance with the intra-facility regime.
11. Interaction with law enforcement and other government agencies on security issues.

Conclusion

The introduction of intraobjective regime in enterprises working with confidential information is the responsibility of the head. At the same time, appropriate conditions must be created, the necessary work with staff should be carried out, responsible persons identified. All this activity is carried out in accordance with regulatory documents. The local acts of the enterprise reflect key provisions provided for in federal legislation governing the protection of confidential data. In an institution working with classified information, services should be formed whose responsibilities include developing measures to protect information, monitoring their implementation by all employees who have access to it. The key role in ensuring the protection of confidential information, creating the appropriate conditions for the introduction of an intra-facility regime at the enterprise, belongs to the management apparatus. The director of the enterprise and its authorized persons develop the necessary set of measures in collaboration with competent state structures. They have individual responsibility for complying with established regulations.