» »

Requirements of the Ministry of Telecom and Mass Communications to electronic document management systems. Analysis of requirements for electronic document management systems of federal authorities

Electronic archives

Typical functional requirements for electronic document management systems and storage systems for electronic documents in archives government agencies

Alexey Mikryukov
01 August 2018 10:27

Alexey Mikryukov, analyst of the companyDIRECTUM .

June 14, 2018 on the official website of the Federal Archival Agency (Rosarkhiv) in the section "Draft documents "Posted"Draft standard functional requirements for electronic document management systems and systems for storing electronic documents in the archives of state bodies »37 pages.

The industry has long awaited this document. And as stated in the project, the requirements are developed in order to form a single regulatory framework for electronic document management systems (EDMS) and electronic document storage systems (EDMS), as well as for assessing the already used EDMS and EDMS. The document clearly separates EDMS and EDMS, and this is an important point.

The allocation of the term SHED is one of the fundamental differences between the new requirements. There is a clear emphasis on the stage of archival storage in the life cycle of the document. Previously, it was mainly about the EDMS, and the issues of storing electronic documents (ED) remained behind the scenes. Accordingly, documents with long shelf life were previously either originally created in paper form or printed out before being transferred to storage.

The document addresses only functional requirements, in contrast to previous normative documents ( Requirements for electronic document management systems of federal authorities (SED FOIV), approvedBy order of the Ministry of Communications and Mass Media of the Russian Federation No. 221 dated 09/02/2011 ; see also ) ... Not considered systemically technical requirements, requirements for information security, reliability, as well as requirements for the interface of automated workstations of users of EDMS and SHED. The requirements do not apply to work with documents containing information constituting a state secret.

Analyzing the document, it is most interesting to consider the requirements associated with organization of storage of documents... The requirements for the creation or entry, registration, execution and control when working with documents are not so interesting, since these are the main tasks of the EDMS. Almost gone large organizations that would not automate these tasks using the EDMS. Therefore, the requirements for the EDMS are interesting only for assessing existing and used systems at the time of updating or changing, and this is a topic for a separate material.

General functional requirements

Let's start with "General functional requirements for document management in EDMS and SHED".

This section, in my opinion, reflects two important points:

First« 2.3. In the EDMS and SHED, the requirements for authenticity, validity, integrity and suitability for use electronic documents included in the specified systems».

In order to ensure compliance with these requirements when storing documents, it is necessary that when documents are transferred for storage in the SHED they are authentic, valid, complete and usable... Accordingly, before the document is transferred to the SED, the "responsibility" for the fulfillment of these requirements lies with the operational system (SED or other information system).

Second"2.4. In the EDMS and SHED, the metadata of the documents should be formed and saved:

- created when a document is included in the system (EDMS or SHED);

- generated after the inclusion of a document in the EDMS or SHED within the framework of its life cycle in system;

- used in the interaction of EDMS and SHED with other information systems (including MEDO, SMEV, etc.)

- associated with the transfer for subsequent storage (from the EDMS- to SHED, from SHED- to the state archive).

Metadata about the documents included in the EDMS or EDMS should be associated with the document to which they refer. "

That is, the metadata associated with a document is generated throughout the entire life cycle of the document, including throughout the entire period of its storage. At the same time, there are no explicit requirements for the format or method of storing metadata.

Working with archival documents

Preparation for the transfer of documents for storage in the SHED (clauses 3.8 and 3.9).

“The functions of the EDMS include:

  • Formation and maintenance of the nomenclature of cases
  • Assignment of documents to cases
  • Formation of lists of cases, documents of structural divisions
  • Examination of the value of documents, including the selection of electronic files, documents to be transferred to the SHED and the selection for destruction of documents that are not subject to storage. "

Everything is clear with the documents stored in the EDMS. But organizations have other information systems that can store documents, such as ERP. These systems may not "know" anything at all about the nomenclature of cases and the norms of office work. Accordingly, additional rules should be developed for them, according to which documents will be transferred to storage in the SHED.

The document does not say anything about how to download documents from other systems, the same ERP. Therefore, if an organization wants to store documents from ERP, then it will be necessary to come up with some rules according to which:

1) these documents will be downloaded from the ERP - this is the actual task of the ERP;

2) these documents will be placed in the SHED - this is the task of the SHED, and we have the tools for this.

Reception of documents in SHED (clause 4.3)

“SHED should provide:

Reception of electronic files, documents and inventories of structural divisions with a check of completeness

Check electronic signatures documents

Verification of reproducibility of electronic documents

Formation of response messages on confirmation or refusal to accept documents ”.

The requirements for reproducibility are indicated, but how to implement this is not clear.

The document contains an explicit indication of the format of ED containers, which is “ zip archive containing content and metadata of an electronic document, electronic signature files and a visualized copy of a text electronic document in PDF / A format».

Accounting and classification of documents in the SHED (clause 4.4)

The requirements for accounting for electronic documents in the SHED practically do not differ from the requirements for accounting for paper documents. At the same time, the requirements for the composition of ED metadata take into account only the specifics of documents typical for government agencies (letters, orders, etc.). Commercial organizations have much more variety of documents: commercial proposal, project charter, terms of reference, minutes of the procurement commission, etc. In this sense, the requirements are hardly applicable to other types of documents.

Storage of electronic files, documents in the SHED (clause 4.5)

This block seems to be one of the most underdeveloped requirements in the project. It fixes the requirements for providing SHED capabilities:

Reserve copy electronic documents;

● carrying out checks for the presence and status of ED using special check programs technical condition electronic documents and fixing the results of checks in the relevant acts;

● conversion and / or migration of electronic documents into new formats;

But at the same time, nothing is said about ensuring the legal significance of ED during long-term storage. These requirements are me.

Use of electronic files included in the SHED (clauses 4.2 and 4.6).

The use of ED assumes:

● Granting permanent and temporary access rights to documents

● Formation of a fund for the use of electronic affairs and organization of an electronic reading room on its basis

● Multi-criteria search

● Formation of archival copies, statements of statements

● Accounting for the use of electronic files.

There are still questions, first of all, on the provision of electronic documents at the request of various organizations, since there are no uniform requirements for the provision of electronic documents outside, and the practice has not been formed.

Examination of the value and selection for destruction of electronic files, documents with expired storage periods (clauses 4.7 and 4.8).

The requirements given in the draft also practically do not differ from the requirements when working with paper documents. The only difference is in the features of the destruction of electronic documents (for example, deletion of backups and guaranteed destruction).

Requirements for the transfer of electronic documents for storage in the state. the archive is described formally. The reason is most likely due to the lack of proven practices.

General conclusions

After analyzing the draft requirements, there is a feeling that what is stated in it "catches up" with the current state of affairs, consolidates existing developments, but does not fully answer existing questions, and even less does it try to predict and give answers to questions of the near future.

The document shows that there are many specific requirements for the system of long-term storage of electronic documents. Some of them are quite tough and specific. Enterprises have many systems that generate documents that are subject to long-term storage, or those that imply long-term storage: ERP, HR, ECM. CRM and others. Thus, we can conclude that the most appropriate allocate a separate long-term storage system integrated with source systems. Implementing the requirements in all of the above systems is long and expensive.

On the other hand, the requirements already have a technological basis that allows such systems to be implemented. The systems for working with documents available on the market can and should be checked for compliance with the requirements formulated in the regulatory framework.

Implementation of requirements

One example of a system that demonstrates readiness and fully meets these requirements is the Long-Term Archive solution from DIRECTUM.

Long-term archive is a comprehensive system for managing an organization's paper and electronic archive. The solution was developed in compliance with the rules of the Russian archival record keeping. It allows you to centrally store documents of any kind for a period, established by law RF, guaranteeing the legal force of documents throughout the entire storage period.

The solution can work with any ECM systems, not only with DIRECTUM solutions, it integrates with ERP and other systems due to ready-made mechanisms.

In addition, the solution not only now closes the task of creating an electronic archive, but also works for the future. The solution includes the ability to work with automatic document processing tools based on artificial intelligence for the classification and examination of the value of documents. In addition, they use their own unique technology to ensure legal significance, which in the future can be transferred to blockchain technologies.

(4.78 - rated by 9 people)

Due to the massive proliferation of modern automated technologies for working with documents in electronic form in 2013, by order of the Federal Archival Agency, two leading scientific institutions in the field of records management and archival affairs - the Russian State University for the Humanities (RGGU) and the All-Russian Research Institute in the field of records management and archiving (VNIIDAD) - carried out a number of research projects on preparation of methodological recommendations in the field of organizing work with electronic documents.

Some of these projects are:

  • "Archival and documentary functional requirements for information systems providing electronic document flow in the process internal activities federal executive bodies "(VNIIDAD).
  • « Comparative analysis file formats of electronic documents of permanent (long-term) storage ”(RGGU).
  • "Recommendations for the acquisition, accounting and organization of storage of electronic archival documents in the archives of organizations" (VNIIDAD).
  • "Recommendations for the acquisition, accounting and organization of storage of electronic archival documents in state and municipal archives" (VNIIDAD).
  • "Compilation of archival inventories in electronic form and their integration into the information infrastructure of state and municipal archives" (VNIIDAD).

The most voluminous document is prepared by VNIIDAD "Archival and documentary functional requirements for information systems that ensure electronic document flow in the process of internal activities of federal executive bodies" (hereinafter - Requirements). It is of the greatest interest both for office workers and for employees of IT departments who implement or configure electronic office work and document management (EDMS) systems, and in this article we will consider it.

The release of this document is very important: despite the fact that electronic document management systems have been used for almost twenty years, until recently, the only domestic document establishing the basic requirements for electronic document management systems (EDMS) was the order of the Ministry of Telecom and Mass Communications of Russia dated 02.09.2011 No. 221 " On the approval of the Requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need for processing official information of limited distribution through these systems. " This document contains only very brief (6 pages) and most General requirements to the EDMS. While the EDMS was used exclusively as intra-institutional systems, their diversity and incompatibility with each other were not a significant problem. But with the beginning of the transition to a single information space, the organization of interdepartmental electronic document management, the need to unify the EDMS, ensure their compatibility with national systems for document exchange, electronic interaction and archival storage come to the fore. Partly to resolve the issue of interaction EDMS systems sent GOST R 53898-2010 “Electronic document management systems. Interaction of document management systems. Requirements for electronic communication ”, but the archival and documentary requirements for EDMS developed by VNIIDAD are extremely relevant.

The requirements are intended for federal executive bodies, but in accordance with Art. 11 of the Federal Law of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection" apply to other state bodies and local self-government bodies. Commercial organizations have the right to organize EDMS at their own discretion, but, given the role of the state in our country, usually all large and medium commercial organizations are guided by the rules established by the state for the convenience of interaction with state bodies.

Review of regulatory and methodological documents that establish requirements for the organization of office work and EDMS

The first section of the Requirements contains an overview of the regulatory and methodological documents that establish the requirements for the organization of office work and the EDMS. On two dozen pages, the main provisions of key documents in the field of automation of preschool educational institutions - standards GOST R 15489-1-2007 “SIBID. Document management. General Provisions", GOST R ISO 23081-1-2008" SIBID. Document management. Document management processes. Metadata for documents ", the European standards MoReq, MoReq2 and the requirements for the EDMS, approved by the order of the Ministry of Telecom and Mass Communications of Russia dated 02.09.2011 No. 221" On approval of requirements for information systems of electronic document management of federal executive authorities, taking into account, among other things, the need for processing through these systems proprietary information of limited distribution ”. The provisions of the Federal Law of 27.07.2006 No. 149-FZ "On Information, Information Technologies and the Protection of Information", the Rules of Office Work in Federal Executive Bodies, approved by Decree of the Government of the Russian Federation of 15.06.2009 No. 477 (as amended on 07.09. 2011), Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signatures", Resolution of the Government of the Russian Federation of 09.02.2012 No. 111 "On the Electronic Signature Used by Executive Authorities and Local Self-Government Bodies when Organizing Electronic Interaction with Each Other, on the Procedure its use, as well as on the establishment of requirements for ensuring the compatibility of electronic signatures ”(together with the Rules for the use of enhanced qualified electronic signatures by executive authorities and local governments when organizing electronic interaction with each other). However, it should be borne in mind that the legislation in the field of working with electronic documents is changing rapidly, therefore, using this section, it is always worth checking for changes in regulatory legal acts, for example, the same regulation on MEDO is in force today in the 2011 edition, including a wider circle of participants ...

Practice of using EDMS in the process of internal activities of federal executive authorities

The second section of Requirements contains interesting information about the level implementation of EDMS in federal executive bodies, obtained on the basis of monitoring carried out by VNIIDAD. The very fact that there are 57 EDMS products of nineteen types per 74 federal executive bodies (FOIV) indicates how relevant unification is today in the field of electronic office management systems.

Stages of the life cycle of documents in an institution, the composition of the fields of registration and control cards, a scheme for the classification and organization of cases, requirements for applied functions, information support EDMS and the use of electronic signatures in EDMS - you will learn about all this from the article of Cand. ist. Sci., expert of Rosarkhiv S.L. Kuznetsova in No. 7 2013 of the magazine "Modern technologies of document circulation and office work"

In general, the "Archival and documentary functional requirements for information systems that ensure electronic document management in the process of internal activities of federal executive bodies" prepared by VNIIDAD can and should be used not only at the stage of selection, implementation and initial setup of the EDMS, but also in the analysis of already functioning EDMS for determining the compliance of the EDMS used in a particular organization with modern requirements.

Requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need to process official information of limited distribution, were approved by order of the Ministry of Telecom and Mass Communications of Russia dated 02.09.2011 No. 221, registered by the Ministry of Justice of Russia (No. 22304 dated 15.11.2011) and published in " Russian newspaper"Dated November 21, 2011, federal issue No. 5637. These Requirements were prepared by the Ministry of Telecom and Mass Communications of the Russian Federation in pursuance of clause 2 of the Action Plan for the transition of federal executive bodies to paperless document flow when organizing internal activities (approved by order of the Government of the Russian Federation dated February 12, 2011 No. 176-r ).

Thus, the long-awaited general system requirements for the EDMS have been in effect since December 2, 2011.But, oddly enough, they did not cause a special surge of professional interest either from the manufacturers of the relevant software products, nor from the side of office management services. It is obvious that the factors that determine the real transition to paperless document flow and specific aspects of the impact on the EDMS market remained unaccounted for and not fully regulated in the Requirements.

Let's try to consider the Requirements in various practical aspects: from the point of view of document management (office work), from the point of view of harmonization with the Rules of office work in federal executive bodies, approved by the Government of the Russian Federation of 06/15/2009 No. 499 (as amended on 09/07/2011).

On the fulfillment of the instructions of the Government

Let's see what was the essence of the order of the Government of the Russian Federation, which approved the Action Plan.

Item 2 contains name of the planned event, not the title / title of the document (requirements, specifications, etc.). Thus, the phrase “taking into account, among other things, the need to process proprietary information of limited distribution” should be attributed to one of the meaningful goals of developing such requirements, and not to the title of the document. This is important, since the approved document could be named more specifically, for example, "Technical requirements for information systems of electronic document management / EDMS", which would clearly reflect the purpose of its creation and avoid contradictions with the Rules of Office Work.

Further, the planned action according to clause 2 must be carried out without fail, taking into account the relationship with other actions. And the "key" points, which are indicated in the "strong-willed" government management decision are as follows:

According to the Government's Action Plan, the deadline for the development of new Requirements was determined as April 2011, and according to the corresponding departmental action plan of the Ministry of Telecom and Mass Communications of the Russian Federation - as August 2011

The professional community discussed such a significant violation of the deadlines for the execution of a government order on the definition of requirements for information systems of electronic document management. Publicly, it was explained by the lengthy procedure for coordinating the project with the co-executing agencies.

The usual technique for the execution of a collective assignment, in which the responsible executor (indicated first) and co-executors are appointed, provides first of all joint work, creation of working groups from the best specialists industries, holding operational meetings, etc. collective activity. Unfortunately, the joint definition and development of system requirements for the ERMS has been replaced by the usual approval procedure. Moreover, for approval in the period from April to July 2011, for example, three completely different versions / draft Requirements were sent to Rosarkhiv, in which there was no continuity of norms, the unity of the concept and methodology and the necessary systemic connection with the actions of all other federal executive bodies was not taken into account. authorities, in particular, on the implementation of uniform requirements established by the Rules of office work in federal executive authorities.

The most important thing is that the results of the efforts of federal bodies to determine the composition of documents, the creation, storage and use of which should be carried out exclusively in electronic form, were not taken into account, the direction of modernization of the existing EDMS was not taken into account in order to support this particular technology of paperless document circulation. Due to the violation of the terms for the development of the Requirements, most federal bodies were unable to determine the directions for improving the existing EDMS, to plan and carry out their modernization, i.e. to fulfill the measures established by clause 3 of the Action Plan of the Government on time.

Thus, within the framework of the deadline control of execution, the Government's order can be considered fulfilled (with the postponement and extension of the execution deadline), and within the framework of the control of execution in essence (i.e., management control), it cannot be unambiguously asserted that the Requirements have significantly advanced (and will be able to advance) federal executives on the way real transition on paperless document flow in the process of organizing internal activities and effective interdepartmental electronic interaction.

Real problems and prospects for the implementation of EDMS: opinions and expectations of federal executive authorities

Most of the federal executive authorities and their subordinate organizations are ready to introduce a full-fledged paperless document flow, actively use the existing EDMS, initiate their modernization, and successfully implement interagency electronic interaction using the MEDO system.

VNIIDAD, by order of Rosarkhiv, annually monitors the document flow of federal bodies. In 2011, very interesting results were obtained, indicating that, in fact, the practice requirements for the ERMS as a paperwork tool have long exceeded the minimum set of ERMS functions, which is discussed in clause 1 of the Requirements and in the subsequent text of this document.

First, in the federal government SED now they are mainly designed, refined and used as distributed information systems, the workstations of which are installed on the computers of almost all employees of the central office, territorial bodies, and not just office workers. In 2011, information about this was provided by 44 federal bodies out of 56 monitoring objects.

Secondly, when installing workstations of the interdepartmental electronic document management system (MEDO), the office management service centrally performs operations for receiving, sending and transmitting documents and electronic messages within the organization, which is determined by the Office Management Rules. According to the data obtained in 2011, MEDO jobs are assigned to heads of federal bodies and office-work services in almost equal proportions, i.e. about 2-3 jobs - management, 2-3 - business management or office.

Almost all office services for all objects of observation in 2011 reported that perform the role of the subject administrator of the EDMS:

  • determine the directions of improvements and modernization,
  • develop the necessary system of reference books and classifiers and keep it up to date, "loading" into the corresponding views, "folders" and Database standard forms / electronic templates,
  • make decisions on granting access rights.

This role of the office of the office in Western practice is called functional administration of the information system and provides for the responsibility of the document manager as the “owner” of the resource concerned. In the Requirements (clause 13 and section III) there is no distinction between the rights and roles of persons authorized to perform administrative functions when working with the EDMS, and the functions of system administrators. Access rights should be managed by the appropriate leaders of the organization - the owners information resources and a record keeping service in conjunction with so-called "security officers" (usually a security / information security service). And system administrators (IT service specialists) only technically open / provide the necessary accesses in the system in accordance with the already made decision. Thus, clauses 13, 28 and 29 of the Requirements need to be revised and clarified the concepts of "management of access rights and user groups", "EDMS administrator", etc.

In the process of monitoring the workflow in the federal executive authority in 2011, VNIIDAD obtained generalized data indicating the problems of switching to paperless document flow, the prospects for the development of EDMS, which were formulated by practitioners, representatives of the federal executive authorities themselves:

  • there is no tendency to reduce the number of paper documents, there is a significant increase in the volume of workflow due to electronic copies- scanned electronic images of documents that already exist in paper form. There is a parallel movement of documents on paper and in electronic form;
  • continuation of the parallel use of paper and electronic documents, i.e. duplication of document flows until an infrastructure is created that fully ensures the implementation of the Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signatures" (since this Federal Law in the Requirements provides only a direct link, signatures in the EDMS, including for the office management service, remains an unresolved issue);
  • forced change of work functions established by the Rules of Office Work since when introducing an EDMS, the document processing process depends on the limitations of the system or the "parent" platform (this is how IT service specialists and contractor companies present the problem). In this regard, special training is required for employees - managers and ordinary users, the development of new regulatory documents, the introduction of amendments to the instructions for office work that do not correspond to the approved Rules of office work and administrative regulations of the federal executive body;
  • lack of a unified understanding of the structure of the EDMS (i.e. the developed organizational and functional architecture) and the provisions on the EDMS. Such a representation is absent both for those who formulate the terms of reference for the development of the EDMS, and for the companies producing software products (note that the Requirements provide only for the development of a "hierarchical / classification scheme" , and not the system architecture of the EDMS);
  • the need to introduce uniform requirements for information systems for all state bodies and organizations, which was provided for by the Government's Action Plan;
  • the need for a unified document management system for federal executive authorities with their subordinate organizations, mandatory implementation of distributed EDMS and the use of portal technologies;
  • the need to improve the interaction of EDMS and MEDO, i.e. building a common information space for federal executive authorities or, at least, ensuring the convenience of controlled entry into both systems from one workstation for an authorized employee of the office management service. Introduced in the Requirements of clause 5 on the interaction of the EDMS of the federal executive body with the SMEV and MEDO systems contains general references to documents of a higher level, to the corresponding regulatory documents of the Government of the Russian Federation, which do not contain specific requirements for the technical implementation of interaction, and in general view mention registration electronic services and a language for describing electronic messages. Whether the ERMS must have an appropriate gateway or adapter that is offered on the market by IT companies to ensure electronic interaction, the Requirements do not establish;
  • there is an acute problem of storing electronic documents in the information system in connection with the creation and approval by each department of the List of documents, the creation, storage and use of which is carried out exclusively in electronic form. There are no regulatory documents for the EDMS and standard formats for storing documents in the EDMS (note that the brief clause 12 of the Requirements for displaying file formats in the EDMS without dividing into documenting / creation formats and storage formats for electronic documents does not help much to solve the problem);
  • The office work rules provide for the use of input forms (the appendix is ​​a list of mandatory information about documents), including electronic document templates that provide information about a document in the EDMS or direct documentation, i.e. creation of a document in the system according to the approved unified form. Specialists of the office management services of the federal executive authority perfectly understand this area of ​​work and hoped to receive regulated requirements containing at least the structure of an electronic document in the information system or a set of its mandatory details / attributes, components and relevant metadata, taking into account information security and interaction with MEDO. However, the approved Requirements do not yet contain such systemic provisions.
    At the same time, in the process of document flow monitoring carried out by VNIIDAD in 2011, more than 14% of federal bodies-objects of observation reported on the availability of document forms approved in 2010 and plans for their further development. And the Ministry of Health and social development RF gave information that in connection with the development new version EDMS he created and used 230 standard unified forms letters-responses to citizens' appeals, which will be used in electronic form, i.e. as electronic templates for the preparation and execution of documents. More than 50 standard unified forms for correspondence and for internal communications are used federal Service bailiffs, the Federal Migration Service and other departments.
    The development of the technology for entering documents into the EDMS on the basis of their unified standard forms (electronic templates) confirms the requests of practice, but in the approved Requirements, scanning technology is considered a priority when entering documents into the EDMS, which increases the total volume of workflow due to the received electronic images / copies.

Is this a regulatory document ?!

Registration by the Ministry of Justice of Russia of the order of the Ministry of Telecom and Mass Communications of the Russian Federation dated 02.09.2011 No. 221 "On approval of Requirements ..." gives them the status of a valid regulatory document. But the text of the order does not contain any mandatory state regulations designed for repeated use, instructions on the mandatory fulfillment of the Requirements, securing responsibility for the methodological guidance of their application and responsibility for non-compliance. The Requirements themselves are a technological document, and part of the text does not contain norms and rules of direct action, but refers to regulatory legal acts, incl. higher level, and standards. It is stated in such a way that, in essence, the Requirements can be attributed to acts of a recommendatory nature. As you know, such normative acts, as well as technical acts, in accordance with the clarifications of the Ministry of Justice of Russia (order dated 04.05.2007 No. 88) should not be subject to state registration. In addition, the Ministry of Telecom and Mass Communications of the Russian Federation can adopt regulatory legal acts for regulation only information technology: to establish requirements for networks and means of communication, for the data format in state information systems, for information security of information systems, etc.

Nevertheless, the order of the Ministry of Telecom and Mass Communications No. 221 and Requirements state registration passed, despite the fact that office work and workflow are not in the field of information technology (i.e. in the immediate area of ​​responsibility of the Ministry of Telecom and Mass Communications of Russia). The situation can only be explained by the fact that, according to the plan for the transition to paperless document flow, approved by Decree of the Government of the Russian Federation No. 176-r, the final result of the implementation of measures under clause 2 established the publication of an order, and the Ministry of Telecom and Mass Communications of the Russian Federation was appointed as the responsible executor for this event, as well as those, that the Requirements will be of an interdepartmental nature.

In the text of the thematic sections of the Requirements, 10 direct references are made, including to normative legal acts ("... in accordance with the Decree ...", "... in accordance with the Federal Law ..."), despite the fact that that the acts establish norms and rules of the highest level. These high-level standards just needed to be specified in the Requirements, to transfer them to the level of methodology and technology in the process of introducing and using information systems.

At the same time, when listing the processes of the preschool educational institution, which the EDMS must provide (clause 6), the Rules of office work are not mentioned, the names of the "processes" do not correspond to the technology of office work and the professional names of office operations.

According to the text, a link is made to the basic standard GOST R ISO 15489-1-2007 for document management (clause 9), but only 2 of the 4 fixed by it were concretized and clarified in the Requirements general characteristics documents that are created, used and stored in the information system (authenticity and integrity of the document).

The European specification MoReq (Model Requirements for the management of electronic records) is not mentioned anywhere in the text of the Requirements, even in the form of a reference. But one of basic concepts MoReq - The "classification schema / hierarchical schema" of the information system is derived from this very source.

It is regrettable that not all applicable national standards Russian Federation on document management in the development of Requirements were taken into account. So, the classification of metadata, on the basis of which the system of identifiers and reference books of the EDMS is built, is established by GOST R ISO 23081-1-2008; the structure of the electronic document (to clause 13 of the Requirements) and support for versioning are disclosed in detail in the official translation of the IEC 82045-1 standard, registered by the Federal State Unitary Enterprise "Standartinform", which establishes the principles and methods of document management from the standpoint information technology, electrical engineering. And the obligation to regulate the processes of creating documents when developing requirements for an information system (which is practically not done in the Requirements) is enshrined in the GOST R ISO 22310-2009 standard.

Highlighting a special section "Normative references" would not only facilitate the perception of the entire subsequent text of the Requirements, but would also show that a single normative and methodological basis, which should combine the actions of office professionals and IT services on the way to moving towards a real paperless workflow.

This consolidation would be facilitated by the allocation of a special section of the Requirements containing the conceptual apparatus. Necessary:

  • harmonize terminology, introduce and define concepts "Props", "fields / field", "metadata", a
  • when listing specific requisites / fields of an electronic document, indicate one more of their characteristics - whether the requisite is identification.

Instead, new, partly colloquial names of office work were introduced, which were not provided for by the Rules of Office Work. ("Bringing the document to the user of the EDMS" instead of "sending the document for execution or to the executor", "writing off documents to the archive" instead of "organizing current storage", "storing documents and ensuring their safety", "transferring cases to the archive"), used "parallel", but not synonymous with clerical concepts of "technicalism" ( "Prohibition on creation", "display of file formats", "to extract values ​​from fields assigned by an official", "to request the EDMS user to enter mandatory metadata", "imposition and removal of a ban on destruction of a section of the classification scheme", "the ability to create, modify or to destroy the shelf life "," the appointment of the storage period "," the number of storage periods ", etc.).

The structure of the text of the Requirements is drawn up according to the rules provided for the regulatory legal acts of federal executive authorities. There are only three sections in the Requirements:

  1. General Provisions.
  2. Description of processes documentation support management in the EDMS FOIV.
  3. Requirements for information security of the EDMS federal executive authority, including when processing official information of limited distribution.

Sections are designated with Roman numerals, and the numbering of all points is gross, Arabic numerals, i.e. in the order of numbers and without taking into account the belonging of the item to the section. It corresponds .

The clauses of the Requirements have been developed in varying degrees of detail, which may be considered acceptable. But the second section does not fully reflect the requirements established by the Rules of Office Work, and does not correspond to their logic, this reduces the significance of the Requirements as a normative document. For example, the creation of documents in the EDMS is not systematically regulated in the Requirements (there is only a brief clause 11) and the phrase that the EDMS "should allow maintaining storage periods with a duration of at least 100 years" (clause 20, last paragraph, sub . "E") or "to ensure the storage of all electronic documents ... for a period of at least 5 years" (clause 3) will remain only a good wish.

Applications, identifiers and classifiers, which are referred to in general terms in the text, are not formalized to the Requirements.

Subject of regulation

In the absence of a special terminological section of the Requirements, of interest is clause 1, which consolidates the definition of the concept of EDMS and, in part, the purpose of creating this document:

SED FOIV - it is a system of automation of office work and workflow, providing the possibility of internal electronic document flow, and the Requirements determine the minimum set of functions that must be performed by the EDMS of the federal executive authority in the implementation of the activities of the federal executive body, as well as the conditions for managing documents within the EDMS of the federal executive authority.

This definition does not meet the requirements of the Rules of Office Work (as amended on 09/07/2011) and departs from the established national standard GOST R ISO 15489-1-2007 modern (new and not minimal) document management concept. The EDMS, which supports the implementation of the unified rules of office work in all federal executive authorities, should be considered as an information system that ensures the collection of documents (inclusion of documents in the system), their processing, document management and access to them. The definition of the subject essence of the EDMS of the federal executive authority, approaching in meaning to what is established by the Rules of Office Work, is recorded only in clause 4 of the Requirements, and the EDMS is considered in this definition as information system designed to manage all documents of federal executive authorities, including draft documents(as you know, a draft, a project is not considered at all in office work in the status of a document, therefore this clarification is redundant).

Employees of the federal executive authorities' office management services and the professional community did not expect the minimum set of functions to be performed by the EDMS FOIV(clause 1 of the Requirements), but a detailed and modern recruitment functional and technical requirements that would allow federal authorities:

  • to carry out a phased transition to electronic document flow with a gradual departure from the mass scanning of sent and internal documents, and then the document flow of incoming documents,
  • ensure a real paperless workflow of those documents that federal executive authorities have included in the corresponding lists of electronic documents,
  • choose directions for effective modernization of existing EDMS,
  • correctly implement the electronic signature mechanism and
  • to fully implement the measures stipulated by the order of the Government of the Russian Federation No. 176-r.

In this regard, clause 2 of the Requirements that they apply to federal executive authorities implementing an electronic document management system or assessing the capabilities of an existing EDMS sounds unconvincing. The analysis shows that only clause 3 of the Requirements allows to evaluate the EDMS (when choosing a system) according to technical, non-functional criteria, and the functional selection criteria have long been established on the market and are taken into account by IT companies offering software products and federal authorities conducting the corresponding purchases.

It should also be noted that the level of requirements for EDMS in practice is quite high, almost all federal executive authorities in 2011 had one or another, incl. industrial EDMS. Judging by the monitoring questionnaires, even those federal bodies that answered that they did not have their own system actually used the EDMS jobs of a higher ministry (distributed system of the industry) or EDMS, "inherited" from the federal executive authorities-predecessors, which were restructured during the stages of administrative reform recent years... Perhaps, only in the Federal Archival Agency SED is really absent.

Thus, the goal of developing the Requirements was to be modernization in the field of introducing information systems into office work on the basis of uniform regulatory, methodological and technical norms, parameters and requirements, which was implied by the Government's Action Plan.

General non-functional requirements for the EDMS

A useful clause of the Requirements, "leveling" the technical requirements and sufficiently influencing the EDMS market, is clause 3, which enshrines recommendatory requirements for the performance of the EDMS, its reliability and for the protection of information in the EDMS.

The requirement is unconditional scalability of EDMS in the federal executive branch, because in the federal authorities of the EDMS in Lately designed as distributed systems teamwork where employees of the central office, territorial bodies, subordinate enterprises, etc. work.

Performance indicators in this case will largely depend on factors that are not related to the EDMS itself - the degree of network load, its bandwidth, configuration and loading of server resources. Access to the EDMS for no more than 3 seconds., of course, will be welcomed by users, but the clerical service needs to know that this standard and the standard for access to the card created when registering a document (“input” form, electronic document card) is no more than 5 seconds. , - can affect the production rates, the calculations of the number of employees at the registration area / input of documents into the system, the assessment of work efficiency, etc. Experience " best practices"Shows that the specified technical requirements, as well as the requirements for limiting the system downtime and limiting the time for restoring a document from a backup copy are usually set in a specific Service Level Agreement (SLA), which is concluded by the" owner "of the EDMS, i.e. e. office work service, with an IT department performing system administration, and the specific values ​​of standards / measures from year to year tend to decrease, are being optimized.

Automatic notification of the user of the EDMS FOIV about a failure in the system, in our opinion, should not be formulated as a separate technical requirement, but can be mentioned as an option, one of the possibilities in the general mechanism of notifications and reminders to users of the system, which the EDMS of the federal executive body, of course, should have.

The recommended requirements for minimizing the risks of losing electronic documents (at least one backup copy) and the EDMS reliability factor (not less than 0.98) can probably be considered sufficient today, but for document flows federal bodies existing exclusively in electronic form, these values ​​of the coefficients need to be strengthened. Moreover, technical standards can be formulated for other indicators of the functioning of the EDMS, and each indicator can be set its own norms / their boundaries (loss coefficient and error rate with the boundaries "no more", "no less", the response time of the communication center in the center, in the territorial body, etc.), and on the basis of technical standards, it is possible to calculate the values ​​of the reliability indicators of the EDMS not in general form, but according to real document flows. This is especially important for the modernization of the EDMS of the federal executive authority at the design stage, when measures are developed to fulfill the requirements for reliability, as well as at the stage of monitoring the system load indicators and analysis. technical malfunctions... It should be borne in mind that the values ​​of the reliability indicators of the communication network are also specially established and monitored. And in general, software companies can provide a much larger number of estimated indicators and characteristics for choosing an EDMS.

Requirement for the volume of the database for storing electronic documents for a period of at least 5 years is, rather, a functional requirement, "archival". It should be clarified here that it is also necessary to store electronic images, i.e. copies of documents obtained as a result of scanning, as well as take into account the fact that documents with a storage period of up to 10 years inclusively are not transferred to the federal executive authority's archive (clause 34 of the Office Work Rules). Indeed, the five-year storage period is mainly for documents of operational importance, which can be created, used and stored in the EDMS itself exclusively in electronic form. By the way, this provision will make it possible to require, within the framework of the organizational and functional architecture of the EDMS, the creation of a repository for the operational / current storage of electronic documents themselves. A separate repository should be provided for those electronic copies of documents, the projects of which were created, agreed and finalized in the EDMS, but according to the methodology for choosing the medium (ISO 15489: 2001, GOST R ISO 15489-1-2007), their originals / originals must be signed and registered (identified in the system) in paper form, because are subject to permanent or long-term storage. On the basis of this repository, a use fund can be organized for sending documents for execution, broadcasting information and documents to employees of the organization, its active use in current activities, and then - as the same already created use fund, it can be used in the archive to which the originals are transferred documents in paper form. Unfortunately, the methodology of standards for document management is not revealed even in the rather lengthy clauses 19 and 20, devoted to the functional requirements for the ERMS.

Non-functional requirements for information security EDMS

Special attention should be paid to the requirement for the security of the EDMS, when it provides for the processing of service information of limited distribution - not lower than class 1 G (clause 3 of section I).

In the absence of a corresponding link, it can be assumed that this requirement based on the Guidance Document “Automated Systems. Protection against unauthorized access to information. Classification of Automated Systems and Requirements for Information Protection ", approved by the State Technical Commission under the President of the Russian Federation on March 30, 1992 (hereinafter referred to as the Guidance Document).

The guidance document established the classification of automated systems in which confidential information is processed, i.e. restricted information federal laws... The defining features of the classification are:

  • availability in automated system information at various levels confidentiality;
  • distribution of powers and levels of access to confidential information;
  • individual or collective mode of information processing in the system, which can be supported by all modern EDMS.

Security class 1 G assumes that the ERMS must be clearly highlighted:

  • access control subsystem,
  • a subsystem for registration and accounting of users, programs, transactions, including accounting for access to protected files, their transfer through communication channels,
  • accounting for access to the communication channels themselves,
  • accounting of powers / access rights,
  • accounting of information carriers in terms of "cleaning freed up areas of RAM" and external drives, i.e. accounting for the destruction of documents (according to ISO 15489: 2001).

The ERMS must also have a subsystem for ensuring the integrity software tools and processed information, but the presence of a cryptographic subsystem (encryption and the use of attested / certified cryptographic means) is not provided for by the class of the 1G system. In this regard, more clear explanations in section III of the Requirements require the question of the use of the federal executive authority in the EDMS enhanced electronic signature.

I would like to note that the Guidance Document prescribes registration and accounting of the issuance of printed (graphic) output documents... This requirement is quite consistent with the current draft 2010 Economic Commission for Europe Recommendations No. 37 that a signed digital (i.e. electronic) document is a digital document that can be presented as evidence, and if a digital document is to be printed, it must contain additional data, thanks to which the reader could verify its authenticity and integrity... In addition, it explains the practical needs of clerical services, which, when choosing or developing an EDMS, order form counters, document printing counters a certain kind, incl. having a stamp "For official use". Unfortunately, Section III of the Requirements does not address these issues, despite the fact that well-known provisions are set out in lengthy and voluminous paragraphs 30-32.

Section III of the Requirements, containing requirements for the ERMS in the aspect of information security, can be considered quite relevant, with the exception of attempts to establish in the technical document the organizational and functional tasks of the federal executive branch... For example, item 26 says that SED FOIV should provide access to documents in accordance with the security policy, but for the federal executive authority the security policy or document management policies are not established as mandatory organizational documents. The powers of the administrator of the EDMS of the federal executive authority must be recorded in the official regulations official Federal executive authorities (clause 29), but this issue is resolved in the administrative regulations for organizing the internal activities of federal executive authorities and cannot be a subject of regulation in these Requirements of a technical nature.

At defining user roles in the system and defining access rights It is also necessary to take into account the Regulation on the procedure for handling official information of limited distribution in federal executive bodies (approved by the Government of the Russian Federation of 03.11.1994 No. 1233), in connection with which a mark / stamp “For official use” is drawn up on the documents. The type of secrecy (the corresponding restriction of access and the stamp) should be determined by the owners of management processes / functions, i.e. heads of the organization or structural divisions, but not the administrator of the EDMS.

Basic regulatory prescriptions in the field of preschool educational institutions

Description of the processes of documentation support of management(DOE) in the SED FOIV section II of the Requirements is devoted. But for the development and implementation of the EDMS in this document, it would be better to fix the requirements for the EDMS, which would make it possible to implement the technology already described in:

  • federal legislation on electronic signature,
  • Rules of office work of federal executive authorities,
  • instructions for the office work of federal bodies, which are developed (and agreed with Rosarchiv) on the basis of a single methodological document at the national level - Guidelines for the development of instructions for office work in federal executive bodies.

With such a sufficiency of a unified regulatory and methodological base, it is surprising that clause 6 of the Requirements once again consolidates the processes of documentation support in the EDMS, which include:

  • a set of actions to save a document or information about it in the EDMS, defining the place of the document in the EDMS and allowing you to manage it, i.e. in fact, the substantive essence of the definition of "input" of a document is formulated, which does not correspond to the GOST R ISO 15489-1-2007 standard, which establishes a more complete description of the methods for including a document in the EDMS (clause 9.3);
  • bringing the document to the user of the EDMS FOIV(this should mean a developed mechanism of reminders and notifications, or simply a mechanism for setting routes for sending a document for execution, for consideration by the organization's management or directly in structural units performers);
  • document approval(it is necessary to regulate the requirements for organizing the internal approval of documents in the EDMS and external approval, since both of these forms of approval are provided for by the Rules of Office Work);
  • document signing(probably, until the completion of the infrastructure creation, which ensures the full implementation of the federal legislation on electronic signature, one should not expect specific requirements for signing documents in the EDMS or in the interacting MEDO);
  • fixing the logging of actions(control information), performed in the EDMS and including both the actions of users and the actions of the administrators of the EDMS (this is a system process that is not related to the operations of management documentation);
  • transfer of documents (sending)(this is a traditional and important office-work operation, but its regulation without defining the requirements for the operation of receiving documents, including through telecommunication channels and others, including mail and couriers, looks unconvincing. In addition, clause 42. of the Office-work rules establishes that the reception and sending of documents is carried out by the office work service, i.e. these operations are considered as related, moreover, it is the office management service that verifies the authenticity of the electronic signature of the received document (clause 41), and clause 23 also provides for the transfer of documents within the federal executive authorities, i.e. (ie internal routes of movement. But for some reason the Requirements say only about sending documents). By the way, clause 16 of the Requirements mentions the "original" norm, according to which the EDMS should ensure the printing of envelopes and the mailing list of outgoing / sent documents, while the EDMS should ensure, first of all, electronic interaction, and if it does print, then not envelopes , and stickers on them based on the mailing list, and not only the mailing list, but also an inventory of correspondence sent by standard form established by the Russian Post);
  • storage and accounting of documents in accordance with the instructions for office work in the federal executive authority, as well as control of performance discipline, preparation of reference materials and writing off documents to the archive(several tasks are formulated in one sub-clause as one multidimensional task, in addition, the last name is not a term for office work and archiving).

Thus, it is assumed that the EDMS, in accordance with the Requirements, should not and will not be able to fully support the clerical operations established by the Clerical Rules, which say (clause 41) that documents of federal executive authorities are created, processed and stored in the electronic document management system.

It is the Office Work Rules that lay down the basic functional requirements for the EDMS - systems should only be a means / tool for documentation, a "transport" that provides routing of document flows, and, finally, a "storage" that provides not only the operational storage of documents and accounting and reference apparatus for them, but and longer storage of electronic documents (up to 10 years inclusive; clause 34 of the Office work rules).

The issues of creating documents, in our opinion, should be considered at the very beginning of the Requirements, taking into account all the norms of the Rules of Office Work and their annexes, and not in a brief clause 11, which is not specified, but contains only a direct reference to the Rules of Office Work.

Classification of document flows(Clause 7 of the Requirements) was basically carried out correctly and complies with the Rules of Office Work and the practice of interdepartmental electronic interaction of federal executive authorities using the SMEV and MEDO systems. But, unfortunately, practical application individual gateways and storages EDMS federal executive authority for receiving and processing electronic messages and documents received by e-mail, was not reflected and developed in sub. 7 "d" Requirements.

The regulation of the processes of including documents in the EDMS of the federal executive authority (clauses 6, 8, 10, 13) reflects the requirements for document management established by GOST R ISO 15489-1-2007. However, paragraphs 8 and 10 mention list of documents for which a ban on creating an electronic image is established... The need for its development or approval as part of the instructions for office work of federal executive authorities The rules of office work do not provide. In our opinion, a clearer a ban should be set on scanning primarily internal documents, as a result of which electronic images / copies of documents already created in paper form are created.

More clearly should be formulated and the requirement to create documents in the EDMS FOIV exclusively in electronic form in accordance with the list of electronic documents (approved by Rosarkhiv and approved by the federal executive authorities), which is not mentioned in the Requirements, and the federal authorities have spent enough resources on the development of such lists.

GOST R ISO 15489-1-2007 establishes a more complete a list of the characteristics of the document that is created, used and stored in the information system than those that must be provided by the EDMS of the federal executive body in accordance with paragraph 9 of the Requirements. First, must be installed requirements for the structure of an electronic document(listing the file formats in clause 12 of the Requirements is not enough), and, secondly, the characteristics authenticity document, credibility, integrity and suitability for use are interconnected and interdependent, so you should not make only two mandatory, and omit the rest.

In addition to the functional requirements, Section II establishes and the actual technical requirements for the EDMS(fixing the date and time of all transactions, system logging and ensuring the safety of system protocols during the storage periods of the documents themselves, the requirements for setting up an interactive interface, support for versioning of draft documents, and others), which for the most part correspond international standards on document management.

We will briefly comment on the final paragraphs of Section II of the Requirements (clauses 19 and 20), because, in our opinion, without the allocation of repositories in the organizational and functional architecture of the EDMS and without clear regulation of the rules for creating documents, it makes no sense to establish any requirements for storing documents in the system. And so it turned out that a sufficient number of formulations in these points fixes the actions of the subject (functional) administrator of the system, i.e. office services, not system requirements. The EDMS itself cannot “create” a time limit, “allocate documents for destruction” and “destroy” them, “provide for a minimum set of options for actions in storage terms” with documents, “limit the number of storage periods”, etc. These operations will be carried out by the subject administrator of the system (responsible for the archive), developing appropriate reference books, classifiers and establishing an algorithm for their functioning. The EDMS must support, but cannot automatically conduct an examination of the value of documents, their destruction.

The requirement to create documents that formalize the procedure for transferring documents to the archive (sub. 20 "d") is not fully formulated, since in the form of reports from the EDMS, it is necessary to receive more established form and internal inventories of cases of permanent, long-term storage and personnel.

Interest is only superfluous, in our opinion, the requirement for compliance with the classification scheme of the EDMS federal executive body(clause 19 of the Requirements) sections and subsections of the nomenclature of cases, which for federal executive authorities is being developed as a structural type classifier (clause 29 of the Office work rules). This requirement determines the dependence of the organizational and functional structure of the EDMS on organizational structure the federal body itself, which changes quite often (after all, the administrative reform continues), and this dependence is not functional and optimal, since The EDMS should support, first of all, the processes of working with documents and interaction within the federal executive authority, and not specific structures.

Brief conclusions

Thus, the recommendations of the Requirements of the Ministry of Telecom and Mass Communications are regulatory document, subject to careful study and verification for compliance with the requirements of the Rules of Office Work, which are mandatory for federal executive authorities! The Requirements themselves cannot fully support the norms and rules for the performance of office work established by the Rules of office work and departmental instructions for office work in federal executive authorities developed on their basis.

The requirements are an interesting document that has a regulatory status, but in fact cannot be applied in its present form, since requires development, clarification and concretization in the context of full and real compliance with the Action Plan approved by Government Decree No. 176-r.

And one more important note: Currently, none of the ready-made EDMS solutions offered on the domestic market can meet the requirements.

Footnotes

Collapse Show


One of the functional subsystems of the corporate information system is an electronic document management system (EDMS), the development of which is to increase the efficiency of economic systems management based on the automation of document management and business processes, all types of work with documents that ensure and coordinate the joint activities of all participants in the management process.

Currently being created electronic document management systems must meet the basic requirements of the CIS.

Scalability. It is desirable that the electronic document management system could support both several units and several thousand users, and the ability of the system to increase its capacity was determined only by the capacity of the corresponding hardware. Fulfillment of such a requirement can be ensured by supporting industrial database servers manufactured by companies such as Sybase, Oracle, Informix, etc., which exist on almost all possible software and hardware platforms, thereby providing the widest range of productivity.

Distribution. The main problems when working with documents arise in geographically distributed organizations, therefore, the architecture of electronic document management systems must support the interaction of distributed sites. Moreover, distributed sites can be combined with a variety of communication channels in terms of speed and quality. Also, the system architecture must support interaction with remote users. J

Modularity, It is quite possible that the customer may not need to immediately implement all the components of the workflow system, and sometimes the range of tasks solved by the customer is less than the entire range of workflow tasks. Then it is obvious that the electronic document management system should consist of separate modules integrated with each other.

Openness. An electronic document management system cannot and should not exist in isolation from other systems, for example, when it is necessary to integrate the system with other applied systems, in particular, an accounting program. For this, the workflow system must support general standards for data processing and transmission and have open interfaces for possible refinement and integration with other systems.

4. Protection of electronic documents

The general scheme of the SP at the enterprise, shown in Fig. 8, reflects the system of organizational and technical measures for health protection.

Organizational measures determine:

    job functions of personnel involved in data processing;

    for critical operations, control and execution of the operation should be carried out by two employees with different keys;

    conditions for reliable storage must be provided for the database;

    it is forbidden to transfer data to other places (firms, organizations) if conditions of reliable protection are not provided there;

    an evacuation plan must be developed to save data in the event of force majeure.

The ZD control is of great importance, which is subdivided into two types:

External review or audit (performed by a third party);

    internal verification (in-house) The technology includes the following verification activities:

    system documentation;

    design documentation (buildings, premises, computing centers);

    design documentation for software;

    guiding user documents on software and operating systems;

    employment (access) and management;

    revisions of source codes;

    names of data files and folders (directories);

    all data carriers;

    terminal access;

    lists of users and their rights;

    console protocols;

    system logs;

    hardware and software failure logs;

Electronic data processing protocols and changes to personal data, etc.

As a result of the actions performed, a checklist is created, which can be carried out using special or publicly available software in two types of media: hard (paper) copy and electronic form.

As technical protection measures electronic signatures and electronic envelopes are used.

Electronic signature is a special sequence of characters added to the text to certify its authenticity. It is obtained through complex mathematical transformations from the text itself and a special number K, called your secret key. Obviously, any unauthorized person, changing the text, must make the appropriate changes in the signature. However, knowing one of its components - the text, it does not know the other - the key, and, therefore, cannot make such changes. When verifying a signature, actions are performed on it, the opposite of those with which it was obtained, but instead of the secret key, another number is involved in them - the public key. Naturally, it depends on the secret, but in such a way that it is impossible to obtain the secret key from the public one. Thus, you can send your public key to all subscribers without worrying about protecting it. Even if it falls into the hands of someone else, your information will not be tampered with. This method of generating and distributing keys is called the principle of public key distribution.

The same principle is used when sealing a letter in electronic envelope ... Two keys are used for sealing: your private key and the public key of the subscriber to whom the letter is intended. From these two keys, one - a common - key is generated. It is also used for printing, but in this case it turns out the other way around - from your public key and your subscriber's private key (these two pairs are designed in such a way that the public keys are the same).

It is convenient, firstly, because you do not need to personally meet with all subscribers to change the keys - you just need to send them the keys by e-mail, and secondly, because you create and send everyone the same key.

Precautions to be taken to securely transfer documents over the Internet

    Embedding in the central node of the hardware and software complex that performs the functions of a firewall.

    Packet filtering and user authentication.

    Providing internal communication between sites through a corporate intranet that has local IP addresses that are not registered on the Internet and therefore inaccessible from the outside world.

    Fencing access to the external network with a proxy server that converts internal IP addresses to global ones, restricts incoming and outgoing traffic, and performs registration of external Web sites visited by users.

    The use of different protocols on local servers containing critical databases and on Web servers, making it difficult for unauthorized access to the databases. This can slightly diminish the benefits of Web technology.

Implementation of access control mechanisms into the document management system itself (access control list, access levels, roles, user groups, encryption, etc.).

    Appendix. Requirements for information systems of electronic document circulation of federal executive bodies, taking into account, among other things, the need for processing through these systems of official information of limited distribution

Order of the Ministry of Communications and Mass Media of the Russian Federation
dated September 2, 2011 N 221
"On approval of the Requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need to process official information of limited distribution through these systems"

In accordance with clause 5.2.23 of the Regulation on the Ministry of Communications and Mass Media of the Russian Federation, approved by Decree of the Government of the Russian Federation dated June 2, 2008 N 418 (Collected Legislation of the Russian Federation, 2008, N 23, Art.2708; N 42, Art. 4825; N 46, Art.5337; 2009, N 3, Art. 378; N 6, Art. 738; N 33, Art. 4088; 2010, N 13, Art. 1502; N 26, Art. 3350; N 30 4099; N 31, Art 4251; 2011, N 2, Art. 338; N 3, Art. 542; N 6, Art. 888; N 14, Art. 1935; N 21, Art. 2965), and paragraph 2 of the action plan for the transition of federal executive bodies to paperless document flow when organizing internal activities, approved by order of the Government of the Russian Federation of February 12, 2011 N 176-r (Collected Legislation of the Russian Federation, 2011, N 8, Art. 1151), I order:

1. To approve the attached requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need to process official information of limited distribution through these systems (hereinafter - Requirements).

2. The Department of State Policy in the field of creation and development of electronic government (Lipov) shall publish the Requirements on the official website of the Ministry of Communications and Mass Media of the Russian Federation in the information and telecommunications network Internet.

3. Send this order for state registration to the Ministry of Justice of the Russian Federation.

Registration N 22304

Requirements for information systems of electronic document management of federal executive authorities have been established.

The system must be scalable.

The levels of its performance, reliability and protection are given. So, access to the system should take no more than 3 seconds, downtime in case of failures and reboots - 30 minutes. Protection against unauthorized access in cases of processing of service information of limited distribution - not lower than class 1G.

The system is designed to manage all documents of the body, including their projects, except for those containing state secrets. It interacts, in particular, with the interdepartmental electronic document management system.

The process of entering a document into the system includes its registration, scanning and creation of an electronic image.

If a ban on creating an electronic image is set, the document is only registered.

The system must support at least 4 file formats: pdf, rtf, doc, tiff.

It should also ensure the verification and safety of electronic signatures, record information about the granting of access and other operations with documents and metadata as part of the control information.

The system is required to comply with GOST R 51275-2006 and the rules for technical protection of confidential information.

It must not have a direct (unsecured) connection to the Internet.

Order of the Ministry of Communications and Mass Media of the Russian Federation of September 2, 2011 N 221 "On the approval of the Requirements for information systems of electronic document management of federal executive bodies, taking into account, among other things, the need for processing through these systems of official information of limited distribution"


Registration N 22304


This order comes into force 10 days after the day of its official publication.