Information Governance

SER’s FSTEC certification opens up extensive opportunities

Alexandra Sieron

When a company plans to do business in the Russian IT market, worth $18.4 billion in 2017*, certain requirements need to be met. One of them is gaining certification from the FSTEC (Federal Service for Technical and Export Control). Russian authorities require that a company’s source code be reviewed by independent testing centers and that the company complies with a set of requirements for FSTEC approval. From 1996 till date, only less than 50 Western companies have taken this step**. SER now is one of them and by this a certified member of the Russian IT sector.

Source code review

Despite some criticism, the FSTEC certification is a crucial asset for businesses operating in Russia. The source code reviews are conducted by independent testing centers in special laboratories which are controlled by the company to which the source code belongs. This ensures that no software data can be transferred or altered, and thus keeps the risk of economic espionage to a minimum. Russia is known to be very cautious in this regard, as the source code reviews were established to ensure that there are no back doors hidden in the source code which allow other nations to infiltrate Russian systems. Here, firewalls, anti-virus applications and software containing encryption are assessed before these products are allowed to be imported and sold in the country.

FSTEC requirements

To gain FSTEC certification, companies need to meet several requirements. Here are some of the primary ones:

User management

It is essential to have a proper and secure user rights management system in place to allow for the identification and authentication of users who are employed by the organization which operates the software solution. Moreover, user rights management has to cover the creation, activation, deactivation and deletion of internal and external user accounts.

Access control

A stringent access control methodology is crucial. It defines the methods, types (e.g. read-only, write, and edit rights) and rules for access and access rights management.

Role management

According to FSTEC, a separation of roles is mandatory. In most cases, roles for internal users, external users and administrators are created according to access control methodologies. The roles are assigned different types of access rights to the information system.

Access to the information system

The information system needs to have special protection in place to prevent unauthorized access from outside of the user groups.

Mobile access

Companies must ensure that mobile access is protected from unauthorized access and access attempts. Content and data must be secured.

Overall security

The system must ensure that no unauthorized software and/or components are installed. All security measures must be logged.

Further details can be found here .

The FSTEC certification proves once again that our Doxis suite fulfills the highest security standards and that it complies with international standards

*According to International Data Corporation (IDC)
**Source: Reuters




Alexandra Sieron

Hey there, in my role as an International Communications Manager, I juggle analyst relations along with several international teams, PR and marketing projects for the SER Group. I am excited to share all our activities across the globe with you. Prior to joining SER, I held several marketing and communications positions at an international affiliate marketing network, where I worked 9 years. My other passion, good food!, started with a college job at a popular Berlin restaurant and hasn’t stopped yet. I try to explore the culinary highlights of Berlin and any other place I visit whenever I can.

Go back

Experience Doxis live!

Which Doxis solutions can help you meet your requirements? And how do they work? We’ll give you the answers in a live demo – either in person or virtually.

Subscribe to our newsletter!

Find the right DMS for your needs!

What should a DMS offer? What are the benefits you seek from it? This guide takes you step by step through the process of finding and launching a document management system. It includes practical information and checklists, use cases and recommendations.

Download now

How can we help you?

+49 (0) 30 498582-0

Your message has reached us!

We appreciate your interest and will get back to you shortly.

Contact us