Electronic Document Interchange Security in Russia
By Alexey Kozlov and Dmitry Slinkov
Following the global trend of digitalization, the Russian Federation enacted legislation that allows companies to carry out an electronic exchange of legally valid documents, such VAT invoices, goods acceptance protocols and service acceptance protocols. The banking industry has been a pioneer and key driver in the electronic document interchange, aiming to reduce their operating costs by switching to digital documents and transactions.
Successful experience of the banking industry has prompted the establishment of a regulatory framework and an e-government which is currently expanding the range of its electronic services. It has also become possible to simplify the document exchange process between organizations and government agencies and between organizations themselves.
The laws “On Information, Information Technologies and Protection of Information “, “ On Personal Data “, “ On Electronic Signature”, the Tax Code and various other regulations allow the exchange of invoices and other legal documents in the electronic format when the following security guidelines are met:
- Confidentiality of transmission and storage;
- User authentication and separation of duties;
- Confirmation of authorship/ownership;
- Integrity controls;
- Legal validity.
To confirm the authenticity and to provide integrity control, documents must be signed with a qualified electronic signature. According to the law “On Electronic Signature “, a qualified electronic signature must be issued by a certification authority accredited by the Ministry of Communications and Mass Media of the Russian Federation.
While ensuring the confidentiality of transmission, data encryption needs to be applied. All cryptographic programs should provide adequate security so that they require a certificate, issued by a certification authority, to be used for cryptographic protection.
To confirm authenticity and the date of transmission and receipt, it is required that a certified operator be used. Certified operators also provide services to store electronic documents.
Furthermore, it is required to provide network protection against unauthorized access and anti-virus protection on computers. With respect to the handling and storage of electronic signatures and passwords to access the certificate and document management system, it is required to maintain confidentiality. In particular, the storage of keys and passwords can be kept in a safe and issued upon signature.
Examples of successful implementation of electronic document interchange increase the number of organizations willing to move to electronic documents. Approximately twenty percent of companies are planning on switching to electronic document interchange in the near future. This gives hope to secure the future with a minimum amount of paper and improved overall efficiency in the invoicing process.
RUSSIA CONSULTING has been consulting and supporting foreign clients in St. Petersburg since 2004. The company has been instrumental in helping foreign investors to set up businesses in the city and handle local economic conditions. On-the-ground presence and years of business experience in the given city are essential to giving sound advice on foreign investment. RUSSIA CONSULTING can provide you and your organization with an in-depth understanding of business set-up, business consulting, taxation, accounting, recruiting, basic legal matters, IT services, set-up of internal control systems, adapted to the local environment. Furthermore, we can provide you with office space, a local general director, or finance and tax due diligence.