Article 5-4. Procedure for conducting state control over compliance by state bodies with the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature (Law on Electronic Document and Electronic Digital Signature)
1. State control over compliance with the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature in relation to state bodies (hereinafter referred to as control subjects) is carried out by the authorized body in the field of information security in the form of inspections.
Inspections are divided into periodic and unscheduled ones.
Periodic inspections of control subjects are carried out according to the following sources of information:
1) the results of previous inspections;
2) the results of monitoring reports and information;
3) the results of the analysis of the Internet resources of government agencies;
4) information from the operator of the electronic government information and communication infrastructure.
2. Periodic inspections are carried out at intervals of no more than once a year in accordance with the periodic inspection plan approved by the first head of the authorized body in the field of information security.
The authorized body in the field of information security shall approve a plan for periodic inspections no later than December 1 of the year preceding the year of inspections.
The plan for periodic inspections is posted on the Internet resource of the authorized body in the field of information security no later than December 20 of the year preceding the year of inspections.
The periodic inspection plan includes:
1) the number and date of the plan approval;
2) the name of the state body;
3) name of the control entity;
4) location of the subject (object) of control;
5) the timing of the audit;
6) the subject of verification;
7) the signature of the person authorized to sign the plan.
Amendments and additions to the periodic inspection plan are made in cases of liquidation, reorganization of the control entity, change of its name or redistribution of powers between the control entities.
3. An unscheduled audit is an audit appointed by the authorized body in the field of information security in the following cases:
1) the presence of confirmed complaints to the subject of control received from individuals and legal entities about violations of the requirements of the legislation of the Republic of Kazakhstan on electronic document and electronic digital signature;
2) appeals from individuals and legal entities whose rights and legitimate interests have been violated;
3) the prosecutor's demands on specific facts of harm or threat of harm to the rights and legitimate interests of individuals and legal entities, the state;
4) appeals from state bodies on specific facts of harm to the rights and legitimate interests of individuals and legal entities, the state, as well as on specific facts of violations of the requirements of the legislation of the Republic of Kazakhstan, failure to eliminate which entails harm to the rights and legitimate interests of individuals and legal entities;
5) instructions of the criminal prosecution body on the grounds provided for by the Criminal Procedure Code of the Republic of Kazakhstan;
6) the need to monitor the execution of the act on the results of the audit.
4. When conducting an audit, officials of the authorized body in the field of information security shall have the right to:
1) have unhindered access to the territory and premises of the subject (object) of control in accordance with the subject of verification upon presentation of the documents specified in paragraph 8 of this Article;
2) receive documents (information) on paper and electronic media or copies thereof for attachment to the act on the results of the audit, as well as access to automated databases (information systems) in accordance with the subject of the audit;
3) carry out audio recording, photography and video recording;
4) involve specialists, consultants, and experts from government agencies, subordinate organizations, and other organizations.
5. The subjects of control or their authorized representatives during the audit have the right to:
1) refuse to admit to the inspection officials of the authorized body in the field of information security who arrived to conduct the inspection, in the following cases:
exceeding or expiry of the time limits specified in the act on the appointment of an inspection (additional act on the extension of the time limit, if any), which do not correspond to the time limits established by this Article;
absence of documents provided for in paragraph 8 of this Article;
2) appeal the act on the results of the audit in accordance with the procedure established by the legislation of the Republic of Kazakhstan.
6. When conducting an audit, the subjects of control or their authorized representatives must:
1) ensure unhindered access of officials of the authorized body in the field of information security to the territory and premises of the subject (object) of control;
2) provide officials of the authorized body in the field of information security with documents (information) on paper and electronic media or copies thereof for attachment to the act on the results of the audit, as well as access to automated databases (information systems) in accordance with the subject of the audit;
3) make a note on the second copy of the act on the appointment of the inspection and the act on the results of the inspection on the day of its completion.
7. The inspection is carried out on the basis of the inspection appointment act.
The act on the appointment of the inspection shall specify:
1) date and number of the act;
2) the name of the state body;
3) last name, first name, patronymic (if it is indicated in the identity document) and the position of the person(s) authorized to conduct the audit;
4) information about specialists, consultants, and experts from government agencies, subordinate organizations, and other organizations involved in the audit;
5) the name of the control entity and its location.
In the case of an inspection of a structural subdivision of a state body, its name and location are indicated in the act on the appointment of the inspection;
6) the subject of verification;
7) type of verification;
8) the deadline for the audit;
9) the grounds for conducting the audit;
10) the period under review;
11) rights and obligations of the control entity;
12) signature of the head of the control entity or his authorized person on receipt or refusal to receive the act;
13) the signature of the person authorized to sign the act.
When conducting an audit, the authorized body in the field of information security is obliged to notify the control entity of the start of the audit at least one day before it begins, indicating the subject of the audit.
The date of delivery of the act on the appointment of the inspection to the subject of control is considered to be the beginning of the inspection.
8. Officials of the authorized body in the field of information security, who arrived at the facility for inspection, are required to present to the subject of control:
1) an act on the appointment of an inspection;
2) official identification card or identification card;
3) if necessary, a permit from the competent authority to visit sensitive facilities.
9. The time limit for conducting an inspection is set taking into account the subject of the inspection, as well as the amount of work to be done, and should not exceed ten working days.
The verification period may be extended only once for no more than fifteen working days. The extension is carried out by the decision of the head of the authorized body in the field of information security.
The extension of the inspection period is formalized by an additional act on the extension of the inspection period with notification to the control entity, which specifies the date and number of the order of the previous act on the appointment of the inspection and the reasons for the extension.
The notification of the extension of the verification period is delivered to the subject of control by the authorized body in the field of information security one business day before the extension with the notification of delivery.
10. Based on the results of the audit, an act on the results of the audit is drawn up by officials of the authorized body in the field of information security who carry out the audit.
The first copy of the act on the results of the audit, in electronic form, is submitted to the state body that carries out activities in the field of state legal statistics and special accounting within its competence. The second copy, with copies of appendices (with the exception of copies of documents available in the original to the subject of control), is handed over on paper against signature or in electronic form to the subject of control (to the head or his authorized person) for familiarization and for taking measures to eliminate the identified violations and other actions. The third copy remains with the authorized body in the field of information security.
11. The act on the results of the audit shall specify:
1) date, time and place of drawing up the act;
2) the name of the state body;
3) the number and date of the act on the appointment of the inspection (additional act on the extension of the period, if any);
4) last name, first name, patronymic (if it is indicated in the identity document) and the position of the person(s) who conducted the inspection;
5) information about specialists, consultants, and experts from government agencies, subordinate organizations, and other organizations involved in the audit;
6) the name of the control entity, its location;
7) the subject of verification;
8) type of verification;
9) the time and period of the audit;
10) information about the results of the audit, including the identified violations and their nature;
11) requirements for the elimination of identified violations of the requirements of the legislation of the Republic of Kazakhstan on electronic documents and electronic digital signatures, indicating the deadline for their execution;
12) information on familiarization or refusal to familiarize with the act of the head of the control entity or his authorized person, as well as persons who were present during the inspection, their signatures or a record of refusal to sign;
13) the signature of the officials who conducted the inspection.
Documents related to the results of the audit (if any) and their copies are attached to the act on the results of the audit.
12. If there are comments and/or objections based on the results of the audit, the control entity shall state them in writing. Comments and (or) objections are attached to the act on the results of the audit, which is marked accordingly.
The authorized body in the field of information security must consider the comments and (or) objections of the subject of control to the act on the results of the audit and give a reasoned response within fifteen working days.
In case of refusal to adopt an act on the results of the audit, an act is drawn up, which is signed by the officials carrying out the audit and the head of the control entity or his authorized representative.
The subject of control has the right to refuse to sign the act by giving a written explanation of the reason for the refusal.
13. The end of the inspection period is considered to be the day when the inspection results report is handed over to the control entity no later than the deadline for the end of the inspection specified in the inspection appointment act or the additional act extending the inspection period.
14. The deadlines for the execution of the act on the results of the audit are determined taking into account the circumstances affecting the actual possibility of its execution, but not less than ten calendar days from the date of delivery of the act on the results of the audit.
15. When determining the deadlines for the execution of the inspection report, the following factors are taken into account:
1) the subject of control has organizational and technical capabilities to eliminate violations;
2) the deadlines for obtaining mandatory opinions, approvals and other documents from state bodies established by the laws of the Republic of Kazakhstan.
16. Upon the expiration of the period for the elimination of identified violations established in the act on the results of the audit, the subject of control is obliged, within the period established in the act on the results of the audit, to provide the authorized body in the field of information security with information on the elimination of identified violations, together with supporting documents.
In case of failure to provide information on the elimination of identified violations, the authorized body in the field of information security has the right to appoint an unscheduled inspection in accordance with subparagraph 6) of paragraph 3 of this Article.
17. In case of violation of the rights and legitimate interests of the subject of control during the audit, the subject of control has the right to appeal the decisions, actions (inaction) of officials of the authorized body in the field of information security to a higher official or to a court in accordance with the procedure established by the legislation of the Republic of Kazakhstan.
The Law of the Republic of Kazakhstan dated January 7, 2003 No. 370.
This Law is aimed at regulating relations arising from the creation and use of electronic documents certified by electronic digital signatures, providing for the establishment, modification or termination of legal relations, as well as the rights and obligations of participants in legal relations arising in the field of electronic document circulation, including civil law transactions.
President
Republic of Kazakhstan
© 2012. RSE na PHB "Institute of Legislation and Legal Information of the Republic of Kazakhstan" of the Ministry of Justice of the Republic of Kazakhstan