Cloud Servers 152-FZ

The Cloud servers service allows you to create necessary infrastructure in the public cloud in compliance with the requirements of Federal Law No. 152-FZ «On Personal Data».

As of the current date, only the Cloud servers service complies with the requirements of 152-FZ.

Managed Databases, Managed Kubernetes, Serverless functions platform services will be brought into compliance in the near future.

Areas of Responsibility

Selectel and the client share responsibility for security and legal compliance in the following ways.

The client takes responsibility for creating and managing the project, including the objects inside it:

  • servers;
  • disks;
  • networks within the project.

The client also takes responsibility for running system and the application software of the servers, their configuration, and providing information security.

Selectel, for its part, provides security:

  • at the physical level: security and fire alarms, access control and management systems, video surveillance, backup of the engineering systems;
  • at the infrastructure level: virtualization platform, storage platform, network services; security of the admins’ workplaces.

Detailed information on the delimitation of areas of responsibility is provided in Annex 1 and Annex 2 to the Act of assessment of the effectiveness of measures taken to ensure personal data security.

Billing and Payment

The cost of the Cloud servers resources is determined in accordance with the areas of 152-FZ that apply to Selectel. Learn more about how to top up your balance in the Adding Funds article.

Personal Data Processing Assignment

To assign the processing of personal data, please create a ticket in the Control panel and provide the following information:

  • Region used as part of the «Selectel Cloud platform» service:
    • ru-1
    • ru-2
    • ru-3
    • ru-7
    • ru-8
    • ru-9
  • Personal data categories:
    • special categories;
    • biometric categories;
    • other categories;
    • public categories;
  • Categories of Personal data subjects:
    • employees of the personal data operator;
    • non-employees of the personal data operator;
  • Number of people whose Personal data are being processed:
    • less than 100 000;
    • more than 100 000;
  • Threat type in accordance with the Decree of the Government of the Russian Federation of November 1, 2012 No. 1119:
    • threats of 3rd type are the threats which are not connected with availability of the undocumented (not declared) opportunities in system and the application software;
  • Level of personal data protection:
    • level 3 of personal data protection;
    • level 4 of personal data protection.

Once we have this information, we will prepare the assignment for personal data processing, which can be signed through the electronic document management.