DECISION OF THE NATIONAL COMMISSION ON SECURITIES AND STOCK MARKET OF UKRAINE

of October 2, 2012 No. 1342

About approval of Requirements to software products which are used in the capital markets and the organized goods markets, and to the software of the automated, information and information and communication systems intended for implementation of professional activity in the capital markets and the organized goods markets, depository activity of Central Securities Depository

According to Items 13, 20 parts one of article 8 of the Law of Ukraine "About state regulation of the capital markets and the organized goods markets", the laws of Ukraine "About electronic documents and electronic document management", "About electronic confidential services", "About information", "About access to public information", "About copyright and the related rights", "About information security in information and communication systems", the subitem 8 of Item 6 of the Regulations On the National commission on securities and the stock market approved by the Presidential decree of Ukraine of November 23, 2011 No. 1063, of the Presidential decree of Ukraine of May 22, 1998 No. 505 "About Regulations on procedure of cryptographic information security in Ukraine", resolutions of the Cabinet of Ministers of Ukraine of March 29, 2006 No. 373 "About approval of Rules of ensuring information security in information, electronic communication and information and communication systems" the order of administration of Public service of special communication and information security of Ukraine of July 20, 2007 No. 141 "About approval of the Provision to oporyadka of development, production and operation of means of cryptographic information security", registered in the Ministry of Justice of Ukraine on July 30, 2007 at No. 862/14129, for the purpose of establishment of single approaches to use of software products in professional activity in the capital markets and the organized goods markets the National commission on securities and the stock market.

1. Approve Requirements to software products which are used in the capital markets and the organized goods markets, and to the software of the automated, information and information and communication systems intended for implementation of professional activity in the capital markets and the organized goods markets, depository activity of Central Securities Depository which are applied.

2. Declare invalid the decision of State commission on securities and the stock market of July 16, 2003 No. 349 "About establishment of requirements to software products in the stock market", registered in the Ministry of Justice of Ukraine on November 17, 2003 for No. 1057/8378.

3." To provide (A. Zaik) to department of information technologies:

submission of this decision on state registration in the Ministry of Justice of Ukraine;

the publication of this decision according to the legislation.

4. This decision becomes effective in six months from the date of its official publication.

5. Control over the implementation of this decision to assign to the member of the commission Yu. Boyko.

Approved by the Decision of the National commission on securities and the stock market of Ukraine of October 2, 2012 No. 1342

Requirements to software products which are used in the capital markets and the organized goods markets, and to the software of the automated, information and information and telecommunication systems intended for implementation of professional activity in the capital markets and the organized goods markets, depository activity of Central Securities Depository

І. General provisions

1. These Requirements are established to specialized software products, the software of the automated information systems which are created and/or used by professional participants of the capital markets and the organized goods markets, Central Securities Depository (further - the Central depositary) when implementing professional activity, depository activity of the Central depositary (further - software products).

These Requirements are established to the software of specialized information and telecommunication systems (further - X) for implementation of professional activity, depository activity of the Central depositary which is created and/or used by professional participants of the capital markets and the organized goods markets, the Central depositary.

These requirements extend to all specialized software products which are used for forming of forms of representation in the National commission on securities and the capital market and the organized goods markets (further - the Commission) of administrative these different types and information, and also in case of exchange of information in electronic form between professional participants of the capital markets and the organized goods markets and/or the Central depositary.

2. In these requirements terms are used in the following values:

documentation - the interconnected documents or the document which/which contains the description of functionality of software product, project and organizational decisions for ensuring functioning, check of functioning of software product. Functionality of software product shall meet the requirements provided in the Law of Ukraine "About depositary system of Ukraine", these Requirements;

lifecycle of software product - period of time which begins with the moment of establishment of requirements to software product includes development, use, maintenance, technical support of software product and comes to an end with the termination of use of software product;

means of cryptographic information security - the program, hardware-software, hardware or other means intended for cryptographic information security;

development tools of software products - means which part programming languages, development tools of databases, operating systems, software products of data exchange, including with use of post systems, office packets of appendices are;

cryptographic protection - protection type which is implemented by means of transformations of information with use of special data (key data) for the purpose of concealment (or recoveries) contents of information, confirmation of its authenticity, integrity, authorship and so forth;

specialized information and communication system set of information and electronic communication systems which in processing of information for implementation of professional activity in the capital markets and the organized goods markets, depository activity of the Central depositary are effective as a unit;

specialized software product - software product which is created using development tools of software products and is used by professional participants, the Central depositary in the capital markets and the organized goods markets when implementing professional activity, depository activity of the Central depositary, except for:

software X (operating system, the program of exchange of e-mail, protection software X, etc.), without additional changes and amendments in full can be used in the activities which are not connected with the capital market and the organized goods markets;

software product public (operating system, office means, means of archiving of data, file manager, the program of exchange of e-mail and so forth) which without additional changes and amendments in full can be used in the activities which are not connected with the capital market and the organized goods markets;

auxiliary software product, use or non-use of which does not influence professional activity, depository activity of the Central depositary.

In the capital markets and the organized goods markets by professional participants, the Central depositary when implementing professional activity, depository activity of the Central depositary it is necessary to understand as use of software product as direct use of software product by the specified subjects, and use of software product by clients of the specified subjects in cases if need of such use is caused by provision by the specified subjects of services when implementing by them of professional activity, depository activity of the Central depositary.

Determination of specialized software product extends to software products for computers and other electronic devices, including wireless (mobile).

Determination of specialized software product extends to software in the form of the isolated programs, software and complexes, in the form of the complex, including distributed automated systems, in the form of websites and web applications;

the specification - the document which is constituted taking into account requirements of the state, industry and existing in Ukraine international standards, regulations and regulations which determines the purpose, the bases of appointment, the requirement which are necessary for development (development or upgrade) software product or the software X, contains technical, quality, functional characteristics and the list of the works necessary for creation of software product, and also stage and development stages;

functional requirements - the description of functions which are realized (it is offered to implement) in software product or refer to software product and cause its functionality, is the basis for technical solutions during its creation;

integrity of information - conditions under which information is stored, transferred and accepted without changes.

3. In these Requirements other terms are used in the values given in the legislation of Ukraine.

II. Requirements to software products

1. The software product which is created by the professional participant of the capital markets and the organized goods markets, the Central depositary or by request of the professional participant of the capital markets and the organized goods markets, the Central depositary is created based on the specification or the document, similar on content.

The software product which is created not by request of the professional participant of the capital markets and the organized goods markets or the Central depositary and was acquired or received in use of the professional participant of the capital markets and the organized goods markets, the Central depositary, shall have documentation.

2. The specification or other document, similar on content, concerning creation of software product for the purpose of program realization of regulations of certain regulatory legal act of the Commission shall meet the requirements of regulations of such regulatory legal act and these Requirements.

3. Professional participants of the capital markets and the organized goods markets and the Central depositary have the right to use software products and development tools of software products on legal basis with observance property and copyright, and also with compliance with law about sanctions.

4. Documentation to software product shall contain the description of the realized procedures which according to requirements of regulatory legal acts of the Commission are programmatically realized by this product, to have the instruction concerning use of software product, the description of the procedure of backup and recovery of information, including databases if the software product is used for creation or modification of own data, the description of procedures of work with information of the different access level to it, means of information protection.

5. Means of information protection which are used as a part of software product shall be realized according to national standards, regulatory legal acts concerning information security.

ІІІ. Functionality of software product

1. Functionality of software product shall meet such requirements:

a) the interface of the user of software product provides management of the functions specified in the specification on software product or the document, similar on content, and shall meet the requirements of these documents;

The interface of the user of software product provides management of the functions given in documentation on the program;

b) service requests of users and provide provision of necessary information if the software product is used for servicing of requests of users and provision to users of information.

The possibility of servicing of requests of users shall be provided by the specification or the document, similar on content, if the software product is created for servicing of requests of users and provision to users of information;

The possibility of servicing of requests of users is performed on condition of reduction of such function in documentation on the program if the software product is created for servicing of requests of users and provision to users of information;

c) provide possibility of viewing of information created taking into account requirements of the regulatory legal act of the Commission by means of the software product created upon the demand of such regulatory legal act;

d) provide possibility of printout for certain (required) date on paper of the documents created electronically by means of software product and provided by certain regulatory legal act of the Commission according to which this product is created, to exercise control of format of these such documents, control and check of compliance and integrity of information of documents electronically if the product is created for implementation of the specified functions on fulfillment of requirements of the regulatory legal act of the Commission.

This which are displayed in the printed-out documents on papers shall answer data which contain electronically this document and to meet the requirements determined by regulatory legal acts of the Commission;

ґ) to have the mechanism of processing of incomplete logically indivisible transactions (transaction) and to provide maintaining magazines of all the functions executed in software product in case of accomplishment with software product of indivisible transactions (transaction).

Mistakes in work of software product or its emergency completion shall not cause loss, severable or complete breach of information array with which the software product works;

e) have own or use the available mechanisms of creation of backup copies and recovery of information from backup copies irrespective of in what of the previous versions of software product this backup copy was created if the software product is used for creation or modification of own data;

e) provide possibility of addition of new functional modules in software product without change of structure of software product or blocking of use of new functional modules if such opportunity is provided by this software product.

The possibility of blocking of use of new functional modules to software product which are created for work with information with limited access shall be provided on fulfillment of requirements of certain regulatory legal act of the Commission;

є) to provide for forming of data which move in the Commission, export of information in formats which are determined by the Commission, and import of information on these formats in case of possibility of accomplishment of import of information;

g) in case of purpose of software product for information processing which requirements concerning protection are established by the legislation the software product shall have the built-in mechanisms of information security from unauthorized access, mechanisms of ensuring identification and authentication of users, mechanisms of preserving integrity of electronic documents, registration of actions of users, managements of access for users to information and separate functions which are provided by product; the software product can not turn on the built-in mechanisms of protection, and use the specified mechanisms of protection of the system software or have opportunity to be integrated into complex system of information security of the automated system in which this product is used if use of software product provides its integration in complex system of information security;

h) the software product, including electronic trading system (further - ETS) stock exchange which when forming information uses information, information and communication systems of information transfer, shall have the built-in mechanisms or provides possibility of connection of foreign policy tools of diagnostics of functioning of software product, ETS of the operator of the organized market, systems of information transfer and in case of identification of violation of work of software product, ETS of the operator of the organized market, systems of information transfer to provide the prevention;

i) in case of use of the built-in means of cryptographic information security (further - KZI) such means shall have the certificate of conformity or the positive expert opinion by results of state examination in the field of KZI according to the legislation;

і) in case of use of the built-in digital signature facilities or seal, or means of the advanced digital signature or seal, or means of the qualified digital signature or seal their application is performed according to the Laws of Ukraine "About electronic documents and electronic document management", "About electronic confidential services;

ї) to correspond (not to contradict) functional requirements which directly or indirectly follow from requirements of regulatory legal acts of the Commission, to the corresponding direction of professional activity in the capital markets and the organized goods markets.

2. Creation by software product of data archive if the archiving of data provided by the specification or the document, similar on content, is given in documentation on the program, shall provide observance of the following requirements:

a) opportunity to perform archiving of data which lost relevance, for their further storage during the term determined by the legislation;

b) possibility of document retrieval and information in archive which is created by software product.

IV. Maintenance and technical support of software product

1. In the course of lifecycle the software product is subject to maintenance and technical support.

2. In case of introduction of amendments to the legislation which requirements the software product shall meet these changes shall be implemented through changes in software product in time, provided by the relevant legislation.

3. In case of own development or development to order changes of software product are developed based on changes in the specification on software product or the document which replaces it, and are reflected in operational documentation on software product.

Changes of software product which is acquired or received in use are brought according to the procedure of maintenance of such product and shall have the accompanying documentation (the staticized operational documentation or changes and amendments to it in the form of separate documents).

V. General requirements to the software of specialized information and communication systems

1. When processing in X of the professional participant of the capital markets and the organized goods markets, the Central depositary of information which is property of the state, or information with limited access which requirement concerning protection is established by the law protection of such information according to requirements of article 8 of the Law of Ukraine "About information security in information and communication systems" shall be provided.

2. The software X of the professional participant of the capital markets and the organized goods markets, the Central depositary is created based on the specification which shall contain requirements for information security.

The specification on creation of complex system of information security (or the separate specification on system of information security in ITS) shall be approved with Public service of special communication and information security of Ukraine in accordance with the established procedure.

3. Functionality of the software X of the professional participant of the capital markets and the organized goods markets, the Central depositary shall conform to requirements:

a) have the mechanism of ensuring identification and authentication of users, registration of actions of users in X;

b) have the X controling mechanism;

c) provide data exchange and information with means of the X telecommunication system in case of their automated processing;

d) provide access for the user of information system X to electronic communication networks, the Internet or other networks for data exchange and information;

ґ) to provide data protection and information from computer viruses;

e) have the mechanism of establishment of powers of users on accomplishment of certain actions for information processing (reading, change, destruction, introduction of information) and differentiation of access for users to information processed in X;

e) provide blocking of unauthorized actions concerning information which is processed in X.

4. During creation X and the software X of the professional participant of the capital markets and the organized goods markets or the Central depositary software shall be used on legal basis with observance property and copyright, and also the legislation on sanctions.

5. Documentation to the software X of the professional participant of the capital markets and the organized goods markets, the Central depositary shall contain the description of functionality which according to requirements of the legislation, including regulatory legal acts of the Commission, is realized by this software, to have the instruction for use of the software.

6. In the course of lifecycle the software accepted in operation X of the professional participant of the capital markets and the organized goods markets, the Central depositary is subject to maintenance and technical support.

 

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info