ANRCTI launches the public consultation on the draft decision of the President of the Regulatory Authority for Communications and Information Technology on the methodological rules for authorising the data centres where the electronic archives are stored.
The draft decision is issued in view of enforcing the Law no.135/2007 for electronic archiving, which sets out the legal framework for the electronic document management as regards the creation, storage, consultation and use of the electronically archived documents or of the documents to be electronically archived. The law provides that the electronic archives must be stored in data centres that must be submitted to ANRCTI’s prior authorisation.
The data centres used by the electronic archives administrators represent the secured spaces where all the electronic documents entrusted for archiving by the beneficiaries are stored. For this reason, adequate information equipments and special facilities are mandatory for the proper functioning of these data centres so as to ensure the security and accessibility of the stored information. The data centres must provide a secure infrastructure for all the operations carried out by the electronic archive administrators, thus minimising the occurrence of incidents that would generate security breaches or the interruption of the service provision to the public.
Having regard to all these aspects, Law no.135/2007 established the obligation of prior authorisation of the data centres. According to the draft decision, the authorisation aims at observing certain minimal conditions related to ensuring the integrity and security of the electronic documents and of the space holding the equipments that host the electronic archives, as well as ensuring the information recovery following unpredictable situations.
According to the draft decision, the data centre must ensure the security and integrity of the stored information, as regards both the physical access to the used equipments and the remote access to the archived documents. The physical security involves taking certain measures such as restrict the access and use special equipments in order to avoid and detect physical intrusions. With a view to warrant the security of the remote access to the archived documents, the following must be used: intrusion detection systems (IDS), firewall (software and/or hardware), routers for filtering the traffic, antivirus systems, secure the processes of authentication and authorisation of the data access, encrypt the highly confidential information, keep an automatic log of all the actions conducted in the system.
The draft decision establishes the procedures and conditions of granting, suspending and withdrawing the ANRCTI’s decision on the authorisation of the data centres, the content, the validity period and the effects caused by the suspension or withdrawal of the authorisation decision, as well as the minimum requirements related to ensuring the data security and integrity and the permanent availability of the service, which are to be pursued during this procedure.
The draft decision of the President of the Regulatory Authority for Communications and Information Technology on the methodological rules for authorising the data centres is available for consultation on ANRCTI’s website. The interested persons are invited to express and send their comments and suggestions by June 12, 2008, to the ANRCTI headquarters (14 Libertatii Blvd., sector 5, Bucharest) or directly to the ANRCTI registration office, as well as to its territorial offices in the closest county capital city. Comments may be sent, as well, by fax, to +40 21 307 54 02, or by e-mail to consultare@anrcti.ro.