Unofficial translation
Footnote. The heading - as revised by order of the Minister of Industry and Infrastructural Development of the Republic of Kazakhstan № 568 dated 08.08.2023 (shall be put into effect on 07.01.2024).In accordance with subparagraph 11-12) of Article 20 of the Law of the Republic of Kazakhstan dated July 16, 2001 “On architectural, urban planning and construction activities in the Republic of Kazakhstan”, I ORDER:
1. That the Rules for Maintaining the Portal and Information Systems for Organising the Comprehensive Non-Departmental Expert Review of Construction Projects and the Comprehensive Urban Planning Expert Review of Urban Planning Projects on a Single Window Principle shall be approved as attached.
Footnote. Paragraph 1 - as revised by order of the Minister of Industry and Infrastructural Development of the Republic of Kazakhstan № 568 of 08.08.2023 (shall be in effect since 07.01.2024).2. The Committee on construction and housing and communal services of the Ministry for Investment and Development of the Republic of Kazakhstan, in the manner, established by the law, to ensure:
1) the state registration of this order at the Ministry of Justice of the Republic of Kazakhstan;
2) within ten calendar days from the date of the state registration of this order, to send it in the Kazakh and Russian languages to the Republican state enterprise on the basis of the right of economic management "Republican Center of Legal Information" for official publication and inclusion in the Reference Control Bank of regulatory legal acts of the Republic of Kazakhstan;
3) the placement of this order on the Internet resource of the Ministry for Investment and Development of the Republic of Kazakhstan;
4) within ten working days after the state registration of this order in the Ministry of Justice of the Republic of Kazakhstan, to submit the information to the Legal Department of the Ministry of Investment and Development of the Republic of Kazakhstan on the implementation of measures, provided for in subparagraphs 1), 2) and 3) of this paragraph.
3. Supervising vice minister for investment and development of the Republic of Kazakhstan shall be authorized to oversee the implementation of this order.
4. This order shall enter into force upon the expiry of ten calendar days after the day of its first official publication.
Minister of investment and development of the Republic of Kazakhstan |
Zh. Kassymbek |
"AGREED"
Minister of defense and
airspace industry of the
Republic of Kazakhstan
____________________B. Atamkulov
"__" _______________ 2018
Approved | |
by the order of the Minster | |
of investment and development | |
of the Republic of Kazakhstan | |
dated September 24, 2018, № 670 |
Rules
for Maintaining the Portal and Information Systems for Organising the Comprehensive Non-Departmental
Expert Review of Construction Projects and the Comprehensive Urban Planning Expert Review
of Urban Planning Projects on a Single Window Principle
Footnote. The Rules - as revised by order of the Minister of Industry and Infrastructural Development of the Republic of Kazakhstan № 568 dated 08.08.2023 (shall come into effect on 07.01.2024).
Chapter 1: General provisions
1. These Rules for Maintaining the Portal and Information Systems for Organising the Comprehensive Non-Departmental Expert Review of Construction Projects and the Comprehensive Urban Planning Expert Review of Urban Planning Projects on a Single Window Principle (hereinafter the Rules) have been elaborated in line with sub-paragraph 11-12) of Article 20 of the Law of the Republic of Kazakhstan “On Architectural, Urban Planning and Construction Activities in the Republic of Kazakhstan” (hereinafter the Law) and establish the procedure for maintaining the portal and information systems for organising a comprehensive non-departmental expert review of construction projects and a comprehensive urban planning expert review of urban planning projects on a single window principle.
2. The following terms are used herein:
1) unscheduled information system maintenance activities are technical and preventive works involving installation of critical software updates to eliminate critical vulnerabilities of the information system or replacement of failed equipment;
2) personal account is a component of the portal designed for filing electronic applications to portal participants;
3) Internet resource means an electronic information resource displayed in text, graphic, audiovisual or other form, placed on a hardware and software complex, having a unique network address and (or) domain name and operating on the Internet;
4) Integrated Expertise Information System (hereinafter referred to as IEIS) is an information system integrated with the portal, implementing the automation of procedures and operations related to the review of electronic applications;
5) IEIS operator is a legal entity engaged in maintaining the IEIS;
6) IEIS user is an expert organisation registered in the IEIS and using its resources and components for automated performance of procedures and operations related to the review of incoming electronic applications;
7) an electronic copy of a document is a document that fully reproduces the form and information (data) of the original document in electronic digital form;
8) portal is an information system offering a single platform for information interaction between portal users and portal participants based on the single window principle;
9) portal operator is a legal entity vested with the function of portal maintenance in line with the Law;
10) portal participant is an expert organisation registered on the portal and using its resources and components to accept electronic applications;
11) portal user is a natural person or legal entity registered on the portal and using its components to prepare and file an electronic application;
12) department of the competent authority for architecture, urban planning and construction (hereinafter - the Department) is a department of the central public authority exercising oversight and implementation functions in the field of architectural, urban planning and construction activities within its competence under the laws of the Republic of Kazakhstan;
13) technical and preventive maintenance is a range of measures to maintain computer hardware and telecommunication equipment in a serviceable condition, including, inter alia, preventive maintenance to avoid failure of machinery and (or) equipment and premature wear and tear, troubleshooting, replacement of individual parts and units, installation and adjustment of equipment, software, additional devices and boards to increase the capacity of the equipment, and provision of assistance to users;
14) technical failure is an unscheduled temporary failure of a software and hardware complex or a separate component of the information system, resulting in the inability to use the information system by one or more users;
15) electronic document is a document wherein data is presented in electronic digital form and certified by means of an electronic digital signature (hereinafter referred to as EDS);
16) electronic application is an executed and structured set of information filed by the portal user in electronic digital form for consideration by the portal participant and certified by means of EDS;
17) Application programming interface (hereinafter - API) is an application programming interface, a range of ready-made programs offered by a service for information interaction between informatisation objects;
18) Secure Sockets Layer certificate (hereinafter - SSL certificate) is a registration certificate intended for use by an Internet resource or information system to provide an authentication procedure;
19) Virtual Private Network (hereinafter - VPN) is a virtual private network for information exchange between two hosts.
Other concepts and terms used herein shall be specified under the laws of the Republic of Kazakhstan.
3. EDS certificates issued for natural persons and legal entities by the National Certification Centre of the Republic of Kazakhstan shall be valid on the portal and in the IEIS.
4. The portal and the IEIS shall not be classified as information systems in a protected version, classified as state secrets, whose security is ensured with the use of state encryption means and (or) other means of protection of information constituting state secrets in compliance with the requirements of the secrecy regime.
Chapter 2:
Procedure for maintaining the portal for organising a single window comprehensive
non-departmental expert review of construction projects and comprehensive urban
planning expert review of urban planning projects
5. The maintenance of the portal for organising the comprehensive non-departmental expert review of construction projects and comprehensive urban planning expert review of urban planning projects on a single window principle shall belong to the technologically related activities of the state expert organisation as per paragraph 2 of Article 64-4 of the Law.
6. The portal for organising information interaction shall ensure:
1) receiving, registering and sending electronic applications of portal users;
2) granting portal users with data and electronic documents in the process of consideration of electronic applications;
3) transfer to the portal user the outcomes of consideration of electronic applications, as well as their further storage;
4) information exchange on received electronic applications with integrated Internet resources and information systems.
7. For organising the comprehensive non-departmental expertise of construction projects and comprehensive urban planning expertise of urban planning projects on a single window principle, the portal operator shall implement the following activities:
1) performs technical maintenance, support and development of the portal;
2) ensures functioning and information security of the portal as per the laws of the Republic of Kazakhstan on informatisation and the provisions hereof;
3) registers users and participants of the portal;
4) concludes agreements with portal users and participants on how to use the portal;
5) renders technical support to users and participants of the portal under the terms and conditions of the agreements concluded with them on the procedure of using the portal;
6) elaborates and approves the forms of questionnaires, applications, agreements on the procedure of using the portal, agreement on integration with the portal, instructions on working with the portal, as well as the registration form placed on the portal;
7) integrates the portal with Internet resources and information systems;
8) develops and publishes on the portal technical requirements for realisation of integration of the IEIS with the portal;
9) publishes information and reference materials on the portal.
Paragraph 1: Registration of the portal user
8. To register, the portal user shall proceed as follows:
1) fills in the registration form placed on the portal, with the following attachment:
for a legal entity the copies of documents envisaged by the laws on state registration of legal entities, taxes and other mandatory payments, as well as copies of documents confirming bank details;
for a natural person copies of an identity document and copies of documents confirming bank details (if available);
2) signs the agreement on the procedure of using the portal using EDS.
The portal operator shall confirm or refuse the user's registration within 3 working days from the moment of filing the documents by the user.
9. The grounds for refusal to register a user shall be the presence of the applied user in the list of previously registered users of the portal and (or) indication of incorrect or inconsistent with the information presented in the registration form.
10. To file electronic applications, the portal operator shall grant the portal user a personal account and instructions on how to work with the portal.
Paragraph 2: Registration of a participant of the portal
11. To enable the acceptance of electronic applications via the portal, the expert organisation shall be registered as a participant of the portal.
An expert organisation that is a user of one of the IEIS shall be registered as a participant of the portal.
12. An accredited expert organisation shall enter into an agreement on the procedure of using the portal with the portal operator to be registered as a participant of the portal.
To enter into an agreement on the procedure for using the portal, the accredited expert organisation shall present to the portal operator an accreditation certificate issued under the Rules for Accreditation of Expert Organisations approved by order № 151 of the Minister of National Economy of the Republic of Kazakhstan of February 27, 2015 “On Approval of the Rules for Accreditation of Expert Organisations” (recorded in the Register of State Registration of Regulatory Legal Acts under № 10640), for registration - a questionnaire filled in based on the form available on the portal.
An accredited expert organisation shall be registered by the portal operator within 3 working days from the moment of filling in the questionnaire, with its subsequent inclusion in the list of accredited expert organisations posted on the portal.
13. Grounds for exclusion of an accredited expert organisation from the list of accredited expert organisations posted on the portal and its subsequent blocking on the portal shall be as follows:
1) failure to submit confirmation of the accreditation certificate prior to its expiry date;
2) suspension and (or) withdrawal (revocation) of the accreditation certificate;
3) failure of the accredited expert organisation to comply with the terms and conditions of the concluded agreement on the procedure for using the portal;
4) cancellation of the agreement concluded with the portal operator.
14. Release and re-entry of a previously excluded accredited expert organisation into the list of accredited expert organisations posted on the portal shall be performed pursuant to the procedure established by paragraph 12 hereof.
15. Upon registration, the accredited expert organisation shall be charged to the portal operator for the use of components and technical resources, as well as for the scope of technical support services rendered by the portal operator at the rates set by the portal operator as agreed upon with the Office.
Paragraph 3: Acceptance, registration and forwarding of electronic applications of portal users
16. An electronic application shall be accepted and registered via a personal account on the portal after the portal user has provided the required data on the application and uploaded the relevant electronic documents and (or) electronic copies of documents.
Electronic documents and (or) electronic copies of documents shall be uploaded to the portal with the size exceeding the size set by the portal operator in instalments.
17. Electronic documents uploaded to the portal and (or) electronic copies of documents shall be certified by the EDS of the portal user or a person authorised to certify this document.
18. Registration of the electronic application, as well as the corresponding electronic documents and (or) electronic copies of documents shall be filed by the portal automatically by Astana city time, in the following order:
1) received on a working day from 12:00 a.m. to 01:59 p.m. Astana time, shall be registered with the date of this working day;
2) received on a working day from 2:00 p.m. to 11:59 p.m. Astana time, shall be registered with the date of the next working day;
3) those received on a non-working day shall be registered with the date of the next following working day.
When examining an electronic application, electronic documents and (or) electronic copies of documents filed by the portal user to the portal participant shall be registered as per the actual time of certification of these documents by EDS on the portal, by the time of Astana city. Upon receipt on a non-working day, these documents shall be registered with the date of the next working day.
An electronic application shall be assigned a registration number based on a template set by the portal operator separately for each portal participant.
19. By submitting data on an electronic application, the portal user shall select the portal participant to whom the electronic application is filed for consideration.
20. The portal shall automatically transfer the registered electronic application and the relevant electronic documents and (or) electronic copies of documents to the portal participant by means of interaction with the IEIS used by him/her.
21. Data on the progress of reviewing the presented electronic application, as well as electronic documents requiring signing by the portal user using EDS, shall be sent by the portal participant from the information security system used by him/her to the personal account of the portal user.
22. Electronic documents and electronic copies of documents posted on the portal and certified by EDS shall not be subject to deletion, amendment or replacement during the period of their storage on the portal.
23. The data on electronic applications, including the relevant electronic documents and electronic copies of documents submitted to the portal by its users, as well as those received from the integrated information security system shall be stored on the portal for 3 years from the date of their registration on the portal.
Paragraph 4. Integration of Internet resources and information systems with the portal
24. Internet resources and information systems, including IEIS shall interact with the portal through their mutual integration.
The Internet resources and information systems integrated with the portal shall meet the requirements of the laws of the Republic of Kazakhstan on informatization and these Rules.
For integration with the portal, the IEIS shall be elaborated in line with the relevant technical specifications published on the portal.
25. While integrating with the portal, the method of organizing information interaction via the API shall be applied to obtain universal data sets.
This integration shall be performed under the procedure established by paragraph 29 hereof.
26. When integrating with the portal to obtain certain types of data not included in the API, such integration shall be performed in the general order specified in paragraph 28 hereof.
27. The requirements of this paragraph shall not apply to the integration of the portal with the objects of informatization of the electronic government, as well as other state information systems (information systems of public authorities) performed to obtain individual data not included in the API.
This integration shall be implemented as per the manner prescribed by the laws of the Republic of Kazakhstan on informatization.
28. The following activities shall be implemented to integrate Internet resources and information systems with the portal:
1) the owner of the Internet resource and (or) information system shall apply to the Agency for permission to integrate with the portal;
2) the owner of the Internet resource and (or) information system shall direct to the operator of the portal an application for integration with the portal accompanied by:
an integration permit issued by the office;
a draft agreement for integration with the portal;
SSL certificate (public key of an Internet resource and (or) information system) issued by the National Certification Center of the Republic of Kazakhstan (act of transfer);
VPN forms for building a VPN tunnel based on the form posted on the portal (the test or industrial environment shall be specified);
an act of acceptance of the information system into commercial operation;
an act with a positive test result for compliance with information security requirements;
3) the owner of the Internet resource and (or) the information system, jointly with the operator of the portal shall perform integration testing within the agreed time frame;
4) upon successful testing of the integration of an Internet resource and (or) an information system with a portal, an act of successful integration testing shall be drawn up between the owner of the Internet resource and (or) the information system and the portal operator;
5) integration shall be deemed to be established after the signing by the office, the owner of the Internet resource and (or) the information system and the operator of the portal of the agreement on integration with the portal and the act of commissioning integration stating the duration of the integration.
29. For the integration of Internet resources and other information systems with the portal to obtain universal datasets via the API, the following activities shall be performed:
1) the owner of the Internet resource and (or) information system shall direct the portal operator a request for integration with the portal via the API accompanied by a signed draft integration agreement;
2) the portal operator shall grant the owner of the Internet resource and (or) the information system the keys to connect to the API;
3) the owner of the Internet resource and (or) the information system, jointly with the operator of the portal shall perform integration testing within the agreed time frame;
4) in the event of successful testing of the integration of an Internet resource and (or) an information system with a portal, an act of successful integration testing is drawn up between the owner of the Internet resource and (or) the information system and the portal operator;
5) integration shall be deemed to be established upon signing by the owner of the information system and the operator of the portal of the agreement on integration with the portal and the act of activation the integration stating the duration of the integration.
30. Via integration, owners of integrated Internet resources and information systems shall file requests for information and data on electronic applications, including electronic documents and (or) electronic copies of documents of a confidential nature and (or) representing official and commercial secrets with the consent of the customer or the legal copyright holder.
31. On the part of the integration participants (the owner of the Internet resource and (or) the information system and the portal operator), the effective implementation of the terms of interaction and data processing by the interaction participants themselves shall be an evidence of the successful implementation of integration.
Since the successful implementation of the integration of the IEIS with the portal, its owner shall grant the office access to the IEIS to supervise and monitor the actions of the users of the IEIS for alignment with the Law.
32. Should errors be found in the transmission of data by an integrated Internet resource and (or) information system to the portal in the course of their information interaction, the portal operator shall direct a notification to the e-mail of the owner of this Internet resource and (or) information system and, if they fail to take appropriate corrective measures within a month, suspend information interaction.
Should information security incidents be revealed in the transmission of data by an integrated Internet resource and (or) information system to the portal in the course of their information interaction, the portal operator shall direct a notification to the e-mail of the owner of this Internet resource and (or) information system and immediately suspend information interaction with this Internet resource and (or) information system until they are completely eliminated, then send a notification to the email address of the relevant owner.
Information interaction between the Internet resource and (or) the information system with the portal shall be resumed after the portal operator receives a notification from the owner of this Internet resource and (or) the information system on the successful implementation of corrective measures and (or) the complete elimination of an information security incident.
33. Should communication channels malfunction or communication operators perform work on communication lines, the time period for restoring communication shall be specified by the regulations of the communication operator.
34. The owner of the Internet resource and (or) the information system and the operator of the portal shall appoint responsible persons who ensure information security and the constant availability of software and hardware.
35. Should the composition of the responsible persons change (transfer or termination of the employment contract), mutual information on the existing changes shall be made within a week, and new data on the responsible persons shall be provided for the timely implementation of the provisions hereof.
36. The protection of information during the implementation of integration shall be secured by confirmation of the authorship of the signed messages. The confirmation of the authorship of the messages shall be a positive result of verification of the identity of the EDS of the sender of the message and the validity of this EDS.
Chapter 3:
Procedure for maintaining an information system for organising a single-window comprehensive
non-departmental expert review of construction projects and comprehensive urban planning
expert review of urban planning projects
37. To automate procedures and operations associated with the review of electronic applications, the IEIS shall:
1) accept and store registered electronic applications for comprehensive non-departmental expert review of construction projects with relevant electronic documents and (or) electronic copies of documents;
2) transfer to the portal data on the progress of review of registered electronic applications, draft electronic documents to be certified by the portal user using EDS, as well as the outcome of the review of registered electronic applications and relevant electronic documents;
3) exchange of data with integrated Internet resources and information systems, as well as with the portal on registered electronic applications.
38. When reviewing electronic applications for conducting a comprehensive urban planning examination of urban development projects, the above functions shall be performed by the IEIS of the state expert organization.
39. The IEIS operator shall perform the following activities:
1) implements the maintenance, servicing and development of the IEIS;
2) ensures the functioning and information security of the IEIS under the laws of the Republic of Kazakhstan on informatization and the provisions hereof;
3) registers users of the IEIS;
4) enter into agreements with users of the KE IS on the procedure of using the IEIS;
5) elaborates and adopts the forms of questionnaires, agreement on the procedure of using the IEIS, instructions and logs placed in the IEIS;
6) renders technical support to the users of the IEIS under the terms and conditions of the agreements signed with them;
7) integrates the IEIS with Internet resources and information systems;
8) posts background information and reference materials in the IEIS;
9) grant the Agency access to the IEIS to supervise and monitor the actions of users of the IEIS with regard to observance of the Law.
Paragraph 1: Registration of the IEIS user
40. To review electronic applications, the expert organisation shall be registered in one of the IEIS integrated with the portal.
41. An IEIS operator shall register an expert organisation as an IEIS user within 3 working days after the accredited expert organisation enters into an agreement on the procedure of using the IEIS with its operator.
An expert organisation shall present a questionnaire filled in the form available in the IEIS to the IEIS operator for registration.
The requirements of this paragraph shall not apply to an expert organisation that is an IEIS operator.
42. An IEIS operator shall terminate the expert organisation's access to the IEIS in the following cases:
1) failure to submit confirmation of the accreditation certificate prior to its expiry date;
2) suspension and (or) withdrawal (revocation) of the accreditation certificate;
3) breach by the accredited expert organisation of the terms and conditions of the agreement concluded with the IEIS operator;
4) cancellation or expiry of the concluded agreement with the IEIS operator.
43. Upon registration as a IEIS user, the expert organisation shall be charged to the IEIS operator for the use of components and technical resources, as well as for the scope of technical support services rendered by the IEIS operator at the rates established by the IEIS operator.
Paragraph 2: Receipt and processing of electronic applications in the IEIS
44. To adhere to the procedure for reviewing electronic applications for non-departmental due diligence, the IEIS shall ensure:
1) automated estimation of the period of completeness verification, as well as the period of comprehensive non-departmental expert review (including the date of issuance and elimination of comments, issuance of a consolidated conclusion of comprehensive non-departmental expert review) in line with the requirements of the Law;
2) generation of electronic documents, their certification using EDS and subsequent automatic registration of these electronic documents in the IEIS, by assigning a number and date of registration.
45. The IEIS shall automatically assign a positive verification result upon expiry of the completeness verification period established by the Rules for Comprehensive Non-Departmental Expertise of Feasibility Studies and Design and Estimate Documentation intended for construction of new buildings and structures, as well as changes (reconstruction, expansion, technical re-equipment, modernisation and major repairs) of existing buildings and structures, their complexes, engineering and transport communications regardless of the sources of financing, approved by Order of the Minister of National Economy of the Republic of Kazakhstan № 299 of April 1, 2015 “On Approval of the Rules for for Comprehensive Non-Departmental Expertise of Feasibility Studies and Design and Estimate Documentation intended for construction of new buildings and structures, as well as changes (reconstruction, expansion, technical re-equipment, modernisation and major repairs) of existing buildings and structures, their complexes, engineering and transport communications regardless of the sources of financing” (recorded in the Register of State Registration of Regulatory Legal Acts under № 10722), and the absence of comments on completeness.
The IEIS shall block the change of the established completeness verification result after the expiry of the completeness verification period.
46. The time and date of registration of electronic documents in the IEIS shall be made based on the actual time of their certification by the EDS of the IEIS user's employees, Astana city time.
47. Documents to be agreed by the portal user shall be transferred by the IEIS to the portal in electronic digital form.
Upon transfer, the IEIS shall forward to the portal the EDS data of the IEIS user's employees who authorised these documents.
48. Comments on the project in the form of an electronic document shall be issued once.
It shall be prohibited to generate and upload to the portal additional electronic documents with comments, as well as to generate and upload to the portal electronic documents with comments after the expiry of the deadline for issuing comments.
49. IEIS users shall interact with the competent authority responsible for environmental protection, its territorial units, as well as local executive bodies in the field of environmental protection by means of the ES they use.
50. Electronic documents to be transferred to the portal user, generated by the IEIS user, after their authentication by EDS, shall be automatically transferred to the portal in the portal user's personal account.
The report of the comprehensive non-departmental expert review shall be transferred by the IEIS to the portal after the portal user fulfils the terms and conditions of the concluded agreement for conducting the comprehensive non-departmental expert review.
51. Amended and (or) supplemented by the decision of the IEIS user, the versions of electronic documents shall be transferred to the Portal in the user's personal account, after prior notification of the corresponding user of the Portal and certification in the IEIS of all actions on cancellation of the previous versions of these electronic documents by EDS of the authorised employees of the IEIS user.
In response to the received notification the portal user shall submit new versions of previously submitted electronic documents and (or) electronic copies of documents, certified by his/her EDS.
Paragraph 3: Integration of Internet resources and information systems with the IEIS
52. For integration with the IEIS, Internet resources and information systems must satisfy the requirements of the laws of the Republic of Kazakhstan on informatisation and these Rules.
53. The requirements of this paragraph shall not apply to the integration of the IEIS with "e-government" informatisation objects, as well as other state information systems (information systems of public authorities), performed to obtain separate data not included in the API.
This integration shall be performed in the order specified by the laws of the Republic of Kazakhstan on informatisation.
54. The following activities shall be implemented to integrate Internet resources and information systems with the IEIS:
1) the owner of the Internet resource and (or) information system shall send to the operator of the IEIS an application for integration with the IEIS in the form established by its operator;
2) the owner of the Internet resource and/or information system jointly with the IEIS operator shall draft a technical document for integration with the IEIS. The technical document shall be agreed and approved by the participants in the interaction (the owner of the Internet resource and (or) information system and the IEIS operator);
3) where required, the owner of the Internet resource and/or information system and the operator of the IEIS shall make the required changes to the Internet resource or information system and to the IEIS, respectively, as per the approved technical document, within the timeframe agreed upon by the parties to the interaction;
4) the owner of the Internet resource and (or) information system shall submit to the IEIS operator an application for testing in test mode in the form established by the IEIS operator;
5) the owner of the Internet resource and (or) information system and the IEIS operator shall test the integration of information systems. If the integration of information systems is successful, a document (protocol) shall be drawn up on successful integration testing;
6) upon successful integration testing, the owner of the Internet resource and (or) information system and the IEIS operator shall commission the interaction based on a joint decision (protocol, act).
55. Should errors and (or) information security incidents be revealed when the integrated Internet resource and (or) information system transmit data to the IEIS in the process of their information interaction, the IEIS operator shall immediately suspend information interaction with this Internet resource and (or) information system until they are completely eliminated and send a notification to the e-mail of the respective owner.
Information interaction between an Internet resource and (or) information system and the IEIS shall be resumed after the IEIS operator receives a notification from the owner of the Internet resource and (or) information system that the corrective measures have been successfully implemented and (or) the information security incident has been completely eliminated.
56. For the purpose of transferring design documentation (without estimates) that has undergone a comprehensive non-departmental expert review and received the relevant positive opinion, the IEIS shall be integrated with the automated information system of the State Urban Planning Cadastre.
Only project documentation (without cost estimates) presented for comprehensive non-departmental expert review via the portal in electronic form shall be subject to transfer.
The transfer shall be made with the consent of the owners of the rights to this project documentation.
The project documentation transferred to the republican state enterprise under the right of economic management engaged in maintaining the State Urban Planning Cadastre, shall be subject to the relevant requirements for confidentiality and ensuring official and commercial secrecy, except as otherwise envisaged by the laws of the Republic of Kazakhstan.
Chapter 4: Maintenance of information systems (portal and IEIS) Paragraph 1: Classification of incidents (technical failures)
57. For the purpose of maintenance of information systems (portal and IEIS), the following classification of incidents (technical failures) shall be established:
1) depending on the information system operator:
due to unlawful actions of the information system operator's employees;
due to failure to ensure an adequate level of information security of the information system, leading to an unauthorised impact on information in the information system;
due to physical damage to the information system and (or) its components caused by the fault of the information system operator or its employees;
2) beyond the control of the information system operator:
due to physical damage and (or) disconnection of the information system and (or) its components through the fault of third parties;
due to unavailability of the information system as a result of possible mass external (network, hacker) attacks causing failure of the communication equipment of the information system;
due to the absence or disruption of guaranteed availability of data transmission networks and (or) electricity used by users or participants of the information system to connect to the information system;
due to software and hardware limitations and settings contained in the computer equipment of the information system user, as well as the lack of the required software and hardware capabilities that do not allow the information system user to fully work with the information system;
due to infection of the information system user's computer equipment with malicious software that does not allow working in the information system due to its automatic blocking of the possibility of placing an infected file or archive of files;
due to improper compliance by the user of the information system with the instructions for working with the information system;
due to non-compliance with the regulations for storing the EDS key and credentials (login and password), transfer of the EDS key by the user of the information system to third parties who are not authorised to do so.
Paragraph 2: Sources of information on the onset of a technical failure
58. The sources of information on the onset of a technical failure shall be as follows:
messages from users of the information system;
messages of the information system operator's specialists monitoring the functioning of the information system;
data from software and hardware tools for monitoring and detecting information system faults, used to determine the operability and availability of the information system functionality that detected a technical failure;
data of system logs of the information system, where records evidencing the onset or the possibility of a technical failure are registered.
Paragraph 3: Actions of users, operators, specialists of operators in case of technical failures while using information systems
59. Should a technical failure occur, the following measures shall be taken:
1) within one hour from the moment the technical failure is found, the information system user shall inform the information system operator by means of the e-mail specified in the information system.
When addressing the operator, the user of the information system shall inform the operator of the name of the legal entity he/she represents or the surname, name, patronymic (if any) of a natural person, the relevant business identification number or individual identification number and contact details, the date and time (Astana time) of the technical failure detection, the description of the technical failure with the attachment of supporting documents (if any).
Should it be impossible to forward information on technical failure by e-mail, the user of the information system shall notify its operator not later than one hour by means of the telephone number specified in the information system;
2) upon finding a change in the operation or configuration of the information system inconsistent with the standard operation, a specialist of the information system operator shall record the date and time of occurrence of the technical failure in the logbook of user requests for technical failures of the information system (hereinafter referred to as the Logbook).
A specialist of the information system operator shall ensure interaction with the user depending on the way of his/her address (by telephone, e-mail, etc.).
User requests shall be received by specialists of portal operators and IEIS of the state expert organisation on working days from 9.00 a.m. to 6.30 p.m., with a lunch break from 12.30 p.m. to 2.00 p.m., Astana city time.
The schedule for providing technical support to users of other IEIS shall be established by their operators, depending on their working hours, and shall be specified in the respective IEIS.
60. Specialists of the information system operator shall register users' requests in the logbook within thirty minutes during working hours as per Astana city time.
Should the user's request on technical failure be received by e-mail at lunch time of Astana city time, the operator shall register the message within thirty minutes after the lunch break.
In case of receipt of the user's request on technical failure by e-mail after working hours of Astana city time, the operator shall register the message on the next working day.
The logbook shall be kept by operators in electronic form in the operator's information system for recording user requests.
61. Once a request is registered, a unique incident identifier shall be assigned to record user requests in the operator's information system and sent to the user's e-mail (if any) within one hour.
62. Should there be information on technical failure, the operator shall analyse the received information or submitted materials (screen shots and other submitted electronic documents) within two hours of working time of Astana city, if required, repeat (imitate) the actions that led to technical failure to confirm or refute the existence of the fact of technical failure of the information system.
63. If needed, the specialist of the information system operator shall request additional information from the user.
Should the user of the information system fail to present additional information within 2 hours from the moment of sending the request, the specialist of the information system operator shall assign the status of completed request to this registered request of the user and notify the user thereof by e-mail (if any).
64. In case of refutation of technical failure, within thirty minutes after confirmation of the facts of absence of technical failure in the information system, the operator shall notify the user thereof by e-mail (if available), with the confirmation information enclosed.
Paragraph 4. Information systems operation procedures and operators' actions in case of confirmation of technical failures of operation
65. When the information system operator confirms a technical failure, its criticality level shall be established.
66. Technical failures in terms of their impact on the functioning of the hardware and software complex of the information system and the procedures for submission and review of electronic applications shall be classified into the following criticality levels:
1) low - failures not preventing the procedures for receiving, registering and reviewing electronic applications from being performed;
2) medium - failures leading to the inability of one or more users of the information system to submit or consider an electronic application, affected by a technical failure, which may lead or has led to the inefficiency of the previous work of users of the information system;
3) high - failures and (or) events that resulted in suspension or unavailability of one or more components of the information system, when all users of the information system are unable to file or accept applications for consideration.
67. Upon occurrence of technical failures with a criticality level of low, the information system operator shall perform the following measures:
1) within thirty minutes of confirmation of the technical failure, notifies the user who contacted technical support by e-mail of the level of criticality of the technical failure, scheduled time and date of elimination of the technical failure.
In case of changes in such information, the operator shall repeatedly notify the user of the information system;
2) immediately proceeds to eliminate the causes of the technical failure;
3) after elimination of the technical failure, re-notifies the user who contacted technical support by e-mail on the completion of the work and elimination of the technical failure.
68. In case of technical failures with a criticality medium level, the operator shall undertake the following measures:
1) within thirty minutes from the moment of confirmation of the technical failure, notifies by e-mail the user who contacted the technical support on the level of criticality of the technical failure, the expected time and date of elimination of the technical failure, the deadline for extending the procedures related to filing or reviewing the electronic application in which the technical failure occurred.
When such information changes, the operator shall repost the information again;
2) within one hour of confirmation of the technical failure, notifies by e-mail the user who contacted technical support, as well as, if needed, all users involved in filing and (or) review of the electronic application (portal user, portal operator, IEIS operator, IEIS user), where the technical failure occurred, on the technical failure, its criticality level, estimated time and date of its elimination, deadline for extending the procedures related to filing or review of the electronic application where the technical failure occurred.
Upon changing this information, the operator shall notify again the user who contacted the technical support, as well as all users involved in filing and (or) review of the electronic application (portal user, portal operator, IEIS operator, IEIS user), where the technical failure occurred;
3) from the moment of confirmation of the technical failure, extends the time of procedures related to filing or processing of the electronic application in which the technical failure occurred, for the period of the technical failure;
4) proceeds to eliminating the technical failure of the electronic application where the technical failure occurred, as well as other electronic applications, if similar technical failures are detected in them;
5) repeatedly notifies by e-mail the user who contacted the technical support, as well as, if needed, all users involved in filing and (or) review of the electronic application (portal user, portal operator, IEIS operator, IEIS user), where the technical failure occurred, on the elimination of the technical failure, the actual date and time of elimination, the fact of prolongation of procedures related to the filing or review of the electronic application where the technical failure occurred.
69. In case of technical failures with a high criticality level, the operator shall implement the following measures:
1) from the moment the technical failure is confirmed, prolongs the procedures associated with filing or processing all applications that coincided with a technical failure in the relevant component of the information system for the time required to remedy the technical failure;
2) within thirty minutes from the moment of confirmation of the technical failure, notifies users by posting in the information system information on the technical failure, estimated time and date of its elimination.
Upon change of such information, the operator shall repeatedly notify the users of the information system;
3) extends the deadlines for filing or reviewing electronic applications for the period of technical failure;
4) proceeds to repair the technical failure;
5) repeatedly notifies users on the elimination of technical failure, by posting in the information system information on the actual date and time of elimination of technical failure, the fact of prolongation of procedures related to submission or consideration of applications.
70. In the event of extraordinary or unavoidable events, the portal operator jointly with the operators of the IEIS integrated with the portal shall adopt a decision on prolongation of procedures related to filing or review of applications for the amount of time (days) during which these events lasted.
71. When revealing signs of criminal and (or) administrative offences in the actions of users of the information system, the operator shall direct the data to law enforcement agencies or agencies authorized to consider cases of criminal and (or) administrative offences.
72. Should failures occur in the functioning of the information system, the IEIS operator shall, if necessary, engage appropriate highly qualified software and hardware specialists.
Paragraph 5: Operating procedures of information systems during scheduled preventive maintenance by the operator
73. The information system operator (portal or IEIS) shall support round-the-clock operations of the information system, excluding interruptions for technical and preventive measures (including unscheduled ones), measures to eliminate technical failures, as well as interruptions due to force majeure circumstances.
74. Technical and preventive maintenance in the information system shall be implemented based on the technical and preventive maintenance work plan approved and published in the information system in the first ten days of January of the current year.
75. Prior to the technical and preventive maintenance in the information system, the information system operator shall notify its users and owners, integrated Internet resources and (or) information systems 2 calendar days prior to the technical and preventive maintenance by placing the relevant information in the information system.
Technical and preventive maintenance works shall be executed at night time from 9:00 p.m. to 6:00 a.m. Astana city time, as well as on weekends and holidays by default.