Development of an information security management system

mdtech OFFERS SERVICES FOR THE DEVELOPMENT OF REGULATORY DOCUMENTATION TO COMPLY WITH UZBEKISTAN LAW No. ZRU-547 "ON PERSONAL DATA"

Organizational and Regulatory Documentation (ORD) is the normative foundation for protecting company assets: from trade secrets to client and employee personal data. Without clear regulations, even the most advanced security systems cannot guarantee data integrity.

When Your Business Needs ORD Development:

• An audit by Uzkomnazorat or the Cybersecurity Center is expected.

• Certification of State Information Systems is required.

• Compliance with data localization requirements within the territory of Uzbekistan is necessary.

• Internal IT specialists lack the bandwidth or expertise to draft comprehensive documentation.

What’s Included in mdtech’s Service:

1. Procedural Regulations: Backup policies, cryptographic key management, and incident response procedures.

2. Technical Documentation: Architecture diagrams, Terms of Reference (ToR), and security tool integration specifications.

3. Threat and Actor Models: Analysis of relevant risks and attack vectors specific to the regional landscape.

4. Security Policies: General IS Policy, Personal Data Processing Policy (ZRU-547 compliant), and Access Control Policy.

5. Instructional Materials: Employee handbooks, safe behavior checklists, and DLP system manuals.

Development Stages:

• Analysis: Auditing data flows and defining processing purposes.

• Drafting: Creating the data processing policy and consent templates according to national standards.

• Responsibility Assignment: Preparing appointment orders and job descriptions for IS officers.

• Risk Assessment: Defining a set of technical security measures based on the threat model.

• Finalization: Delivering the complete, ready-to-approve package to the management.