Information security

According to Federal Law No. 187-FZ On the Security of Critical Information Infrastructure of the Russian Federation dated 26 July 2017, FPC established a permanent commission for assigning classes to critical information infrastructure (CII) facilities, defined the critical processes and prepared the list of the Company’s CII facilities, with the information on FPC’s CII facilities submitted to the Federal Service for Technical and Export Control (FSTEC Russia) within the timeframe specified by Resolution of the Russian Government No. 452 dated 13 April 2019. The Company is working to ensure the security of its CII facilities and comply with the regulatory requirements.

According to Federal law No. 152-FZ On Personal Data dated 27 July 2006 and its secondary legislation, the measures were implemented to ensure the security of personal data during its processing in personal data systems. A secure infrastructure has been built, and personal data systems were properly certified.

Information security regulations were updated to reflect changes in legislation and best practices. Data protection tools are maintained on an ongoing basis to prevent information security threats to FPC’s infrastructure.

The IT infrastructure of FPC’s passenger trains was checked for existing vulnerabilities, and measures were developed to eliminate them.