Second Schedule
Second Schedule: Databases subject to high level of security...
First Schedule
First Schedule: Databases subject to medium level of security...
eBOOK ● IPPR-First Schedule ● KNOWLEDGE BANK
Application
Chapter 25: These Regulations shall apply in addition to provisions concerning data security in other enactments unless there is a conflict between them...
eBOOK ● IPPR-C25 ● KNOWLEDGE BANK
Protection of Privacy Regulations
Chapter 24: Regulations 2, 3, 9, 10, 12, 13, 14 and 15 of the Protection of Privacy Regulations (Conditions for Data Storage and Protection and Data Transfer Between Public Bodies) 5746-1986 – are null and void....
eBOOK ● IPPR-C24 ● KNOWLEDGE BANK
Assessment
Chapter 23: Notwithstanding the provisions of Regulation 7(a), with respect to those who are authorized users on the day these Regulations take effect...
eBOOK ● IPPR-C23 ● KNOWLEDGE BANK
Effective Date
Chapter 22: These Regulations will take effect one year after their publication...
eBOOK ● IPPR-C22 ● KNOWLEDGE BANK
The Regulations
Chapter 21: With respect to databases subject to high level of security - Regulation 1 to 20 shall apply...
eBOOK ● IPPR-C21 ● KNOWLEDGE BANK
Obligations towards Regulations
Chapter 19: The obligations that apply in these Regulations to a database controller will also apply to a database manager, and with the exception of the obligations prescribed in Regulations 2 and 15(a)...
eBOOK ● IPPR-C19 ● KNOWLEDGE BANK
Security Documentation Outline
Chapter 18: In a database subject to medium or high security level, the database controller will prescribe in a document...
eBOOK ● IPPR-C18 ● KNOWLEDGE BANK
Data Retention
Chapter 17: A database controller will retain the data collected when implementing the provisions of Regulation 6(b), 8 to 11, 14, 15(a)(4) and 16, to the extent these Regulations apply to him, in a secure manner for 24 months...
eBOOK ● IPPR-C17 ● KNOWLEDGE BANK
Database Security Levels
Chapter 16: In a database subject to medium or high security level, the database controller is responsible to conduct, at least once in 24 months...
eBOOK ● IPPR-C16 ● KNOWLEDGE BANK
Controller Entering into Agreement
Chapter 15: A database controller will not connect the database systems to the Internet or to another public network without installing the appropriate safeguards against unauthorized penetration...
eBOOK ● IPPR-C15 ● KNOWLEDGE BANK
Controller Placed Safeguards
Chapter 14: A database controller will not connect the database systems to the Internet or to another public network without installing the appropriate safeguards against unauthorized penetration...
eBOOK ● IPPR-C14 ● KNOWLEDGE BANK
Controller and Database Systems
Chapter 13: A database controller will ensure that the database systems are managed and operated properly, as commonly acceptable in the operation of such systems...
eBOOK ● IPPR-C13 ● KNOWLEDGE BANK
Controller Placed Restrictions
Chapter 12: A database controller will restrict or deny the option to connect portable devices to the database systems in a manner which is compatible with the information security level applicable to the database...
eBOOK ● IPPR-C12 ● KNOWLEDGE BANK
Documentation
Chapter 11: A database controller is responsible to document every case in which an event was discovered, raising concern regarding a breach of the data integrity...
eBOOK ● IPPR-C11 ● KNOWLEDGE BANK
Security Levels
Chapter 10: In the systems of a database subject to medium or high security level, an automatic recording mechanism shall enable monitoring the access to the database systems...
eBOOK ● IPPR-C10 ● KNOWLEDGE BANK
Appropriate Measures
Chapter 9: A database controller will take appropriate measures under the circumstances, and according to the nature and kind of the database...
eBOOK ● IPPR-C9 ● KNOWLEDGE BANK
Access Permissions
Chapter 8: A database controller will determine access permissions of authorized users to the database and database systems in accordance with the role's responsibilities...
eBOOK ● IPPR-C8 ● KNOWLEDGE BANK
Access to Information
Chapter 7: A database controller will not grant access to information stored in the database and will not change the scope of authorization granted...
eBOOK ● IPPR-C7 ● KNOWLEDGE BANK
System Security
Chapter 6: A database controller will ensure that the systems listed in Regulation 5(a)(1) are maintained in a secure place, preventing unauthorized penetration and entry...
eBOOK ● IPPR-C6 ● KNOWLEDGE BANK
Up-to-date document of the database structure
Chapter 5: A database controller will maintain an up-to-date document of the database structure, as well as an up-to-date inventory of the database systems, including...
eBOOK ● IPPR-C5 ● KNOWLEDGE BANK
Data Security Procedure
Chapter 4: A database controller will prescribe a written data security procedure (“the Procedure”) according to the database definitions document and these Regulations...
eBOOK ● IPPR-C4 ● KNOWLEDGE BANK
Appointing a Data Security Officer
Chapter 3: Where there is a duty to appoint a data security officer, or where a data security officer of the database has been appointed, the following provisions shall apply...
eBOOK ● IPPR-C3 ● KNOWLEDGE BANK
Data
Chapter 2: A database controller will specify in the database definitions document (the “database definitions document”) at least the following matters...
eBOOK ● IPPR-C2 ● KNOWLEDGE BANK
Regulations
Chapter 1: Severe security incident - any of the following...
