Federal Law 152 compliant cloud computing

Ready for use Cloud-152 cloud infrastructure based on VMware certified according to 152-FZ Law requirements.

Federal Law 152 compliant cloud computing

For Business Enterprises

For putting of personal data with 2nd, 3rd, 4th levels of protection.
See certificate

For Government organization

For putting of 3rd Class State Information Systems (SIS C3).
See certificate

Cloud-152 Advantages

Complies to requirements of

  • 152-FZ, 1119-PP, 21 FSTEC Order, 378 FSB Order 
  • SIS (17 FSTEC Order)
  • PCI DSS 3.2.1., 
  • ISO\IEC 27001:2013

FSTEC-Certified information protection tools

at  IaaS Level, however we do not force specific IPT and  CIPF at Customer’s IS  Level

Geographically distributed infrastructure

of Cloud, based on two Data Centers (NORD and OST)

Detailed SLA

Cloud based on verified solution and reliable support of vendors, so the high availability and performance metrics are  guaranteed.

What Shall You Get:

Certified infrastructure, complied to requirements for protection of Personal Data and SIS at IaaS level; this infrastructure allows passing of regulator’s verification (we will sign the Commitment for Processing, we will provide the Threats Model, Technical Passport etc. for NDA)

Cloud based on VMware virtualization with vendor’s support and SLA

Assistance in preparation of documentation for regulatory authorities: threats models, technical design-project, organization documentation*

Selection, configuration and administration of protection tools for your IT-system (levels higher than IaaS)* 

* additional services for provision of full compliance to 152-FZ

How we provide for the safety of personal data in Cloud-152

  • Cloud-152 Equipment is located at the premises with protected perimeter , at Tier III Data centers NORD1 and OST, with 24x7 security personnel and CCTV monitoring.
  • Cloud-152 deployed at dedicated equipment. Every rack equipped with ACS.
  • Cloud-152 network segment is isolated from other Customers’ networks, Cloud management cluster also located on separate equipment.

How is arranged the Cloud that is 152-FZ compliant?

The Cloud built according to requirements of Government Decree 1119 dated Nov 01, 2012, Order № 17 FSTEC RF dated Feb, 11, 2013, FSB Order № 378.

At IaaS level we use such classes of protection tools certified according to FSTEC RF requirements
  • Virtualization environment’s protection tools (vSphere, certified version of VMware).
  • New Generation firewall (NGFW)
  • Intrusion Detection System
  • Tool for control and monitoring of Privileged Users’ actions
  • Anti-virus software
  • Unauthorized access protection tool
  • Security analysis toll (vulnerability scanner)
  • GOST encryption via software-hardware system
Geographically distributed solution option

Cloud Infrastructure deployed at two Data Centers in Moscow to allow realization of geographically distributed solution via DRaaS.

We will help to provide the compliance of your IT-systems (with levels higher than certified IaaS), via:

Managed Services:
Leasing and Administration:
  • SIPF ViPNet, С-Terra, “Continent” Hardware System for encryption
  • Wallix/Internet Providers Actions Control System, 
  • Scanners BC-scanner, XSpider
  • Kaspersky products
  • SSL certificates and other tools.

SLA - your personal quality control

For all "Federal Law 152 compliant cloud computing" clients, we provide a detailed Service Level Agreement (SLA). Key parameters and indicators, we are financially liable for, are listed below:

99.982% guaranteed service availability

99.982% data center and infrastructure availability

8 minutes maximum downtime per month

MIPS / 1 vCPU ≥ 2800 processor speed

2000 IOPS/500 GB SSD guaranteed disk system performance

≤ 3ms average access time to SSD-disk

≤ 10 minutes incident response time

Why You Shall Choose Us?

Certified Platform

Cloud-152 virtual environment certified to be compliant to152-FZ requirements, also to be compliant to international standards PCI DSS and 

ISO 27001:2013.

Certified experts

Maintenance of infrastructure will be performed by our experts professionalized in security hardware.

Detailed SLA

We are financially responsible for the offence of guaranteed service specifications.

Always connected

24х7 support via e-mail and telephone.

Frequently Asked Questions

No. When you put the data in Cloud-152, you met the law requirements at infrastructure (IaaS) level because we already made the required set of documents and correct protection tools for Cloud-152.

For your Data Transmission IS that is "higher" than IaaS you must also develop the documents and use protection tools that are correspond to Data Transmission IS protection level and type of current threats according to FSTEC Order #21. We are able to assist you for this task.

Yes, we will assist you in preparation of required documentation: threats model, technical design-project, organization documentation. See more on this service.
Yes, we will select technical devices according to protection level of Personal Data. For example, if you have protection level 3, we will offer the required (according to law requirements) licensed anti-virus software, NGFW with integrated intrusion detection system, vulnerability scanner, Managed ELK for registration of IS events. Send the request for advice, we will talk things through.
Protection level is impacted by the type of processed personal data, the number of personal data subjects who owns the data (employees and non-employees) and type of current threats. You may carry our test and identify the level without assistance. But most likely, you have Protection Level 3.

Yes, Personal Data Operator is entitled to trust the processing of Personal Data to the third party – for example, the Cloud Provider (paragraph 3, article 6, 152-FZ). For this case, you should sign the Commitment. The Commitment include the description of actions that provider entitled to perform with Operator’s Personal Data, Provider’s duties to maintain the confidentiality of Personal data, to provide Personal Data safety and protection according to the specified requirements.

Herewith the Personal Data Operator, not the Provider, will be responsible to Personal Data subject for 152-FZ requirements/ compliance.

Without the Commitment you will not meet the law requirement for transferring of Personal Data processing works to the third party, and provider will not be responsible to you concerning the 152-FZ requirements’ compliance.

Yes, we will sign Commitment for all our Customers.

The Law requires to maintain IT system’s compliance to 152-FZ. For Commercial Enterprises, it is sufficient to maintain the Cloud Provider’s certification and maintain your own Data Transmission IS compliance to requirements.

For Government Organizations the certification is mandatory, it places the restriction for IT system (the IS must not be updated).

We will deploy the infrastructure "from scratch", or arrange the migration:

  • In virtual infrastructure on-premise,
  • from other Cloud Provider,
  • from hardware.

Upon the establishment on our Cloud, we will configure all protection tools and will assist you with documents, if required.