Improving regulatory support and information security in an industrial enterprise

The existing regulatory documents in the field of standardization set general requirements for information support of organizational-technical systems with not enough attention being paid to regulatory support in industrial enterprises. The problems of information support arise when the existing international standards are being adapted to the local conditions of production. This research study is aimed at substantiating and proposing rational processes for effective information support of industrial enterprises’ activities. In order to substantiate the results of this study and to prepare the materials suggested in the paper, the following scientific methods were used: analysis and best practices in applying standardization regulatory documents, observance and gathering of facts concerning information protection from unauthorized access; risks related to the lack of an effective information support system in an enterprise are formulated and summarized. As a result of the conducted research study, the following ones are proposed: an effective process for achieving synchronized financing of purchases of regulatory documents; conditions are summarized and proposed for effective contractual work in terms of the purchase and application of regulatory documents; system problems arising in the course of development (approval, application) of company (enterprise) standards were analyzed and ways to minimize related risks were suggested;


Introduction
Since management systems (including quality management systems) are increasingly used in RF industrial enterprises, systems of regulatory documents [1] (primarily standardization documents) have to be used.
Creating, updating and managing documented information according clause 7.5 "Documented information" ISO 9001:2015 "Quality management systems. Requirements", is one of the most important processes related to the development and effective application of quality management systems in modern enterprises.
Documented information on electronic and paper media is systematized and presented in form of regulatory documents -standardization documents. According to Article 14 of Federal Law No. 162-FZ "On Standardization in the Russian Federation", standardization documents are regulatory documents which are usually voluntary and developed in order to provide information support for standardization processes.
Classifying standardization documents as regulatory documents containing no legal norms implies that their development, updating and application are specific, which does not cancel the requirements for ensuring hierarchy in the system of regulatory documents. Unfortunately, one of the serious problems that are not always resolved in enterprises is the lack of compliance with local regulatory documents or standards, local regulatory legal acts: specifications, guidelines, instructions.
Regulatory support in this paper is understood as providing an enterprise (company) with information in standardization documents. . Figure 1 shows the nomenclature of standards classified in according to the hierarchy of developers, controlled units and areas of application that can be required by production. The structure of documents most demanded by an enterprise in the field of standardization can include the following national regulatory documents:  Intercountry standards;  National standards;  Industry standards;  Sets of rules;  Company standards;  Technical conditions.
As well as foreign standards:  International standards;  Regional standards;  National standards and other regulatory standardization documents.
Foreign standards can be either applied or not in the Russian Federation depending on the type of agreement (contract) for product manufacturing and supply.
The purpose of regulatory support is timely and full information support of the enterprise for complying with the provisions of product delivery contracts and requirements of regulatory documents.
Depending on the capabilities of the enterprise, interested in information support, the above types of standardization documents can be either purchased or developed independently by the enterprise's employees. What's more, purchasing standards, developing and introducing them to the enterprise represent two functionally related but heterogeneous processes, with each of them implying that a system approach is used and relevantly tested documented procedures are elaborated and applied.
Depending on the developer of regulatory documents (right holder of the information presented in regulatory documents) and the scope of application, standardization documents can be considered as internal or external ones. Differently from external regulatory documents, local regulatory documents (standards), which are drawn up (as a rule, by the enterprise's employees) and applied in the enterprise, given the range of controlled units, can have confidential information and/or information containing a trade secret. According to Federal Law No. 98-FZ dated 29.07.2004 "On trade secret" GOST R 50922-2006 Protection of information. Basic terms and definitions, such information is subject to protection from being accessed by unauthorized persons., both in case regulatory documents are either on paper or on electronic media, the objectives of information security are set considering of the real conditions in which enterprises operate and the nature of the manufactured products. According to the requirements of clause 6.2, ISO 27001: 2013, it is reasonable to "establish applicable (and, if it is practically feasible, measurable) objectives of information security given the requirements for information security, the results of risk assessment and treatment. Determine what will be done, what resources will be needed and who will be responsible when they are fulfilled and how the results will be evaluated." Relying on the experience of providing information security in machine-building enterprises, it is possible to recommend that a generalized goal of information security should be providing the production system with efficient regulatory support which excludes access of third parties to confidential information and information containing a trade secret.
Leak of restricted information from regulatory standardization documents can entail a risk of losing competitiveness by an enterprise. The problem of information security in regulatory documents -standards of companies (enterprises), in the technical conditions calls for elaborating a documented system of distribution, storage and circulation of standardization documents. Among other things this is about drawing up and applying local regulatory acts establishing the liability of the enterprise's employees for violating the rules of circulation and application of the company's standards and technical conditions. The problem of protecting the above-mentioned information is becoming increasingly acute today, since technical conditions, containing the main requirements for products, are now referred to as standardization documents, according to Federal Law N 162-FZ "On Standardization in Russian Federation" dated 29.06.2015.
According to article 16 of Federal Law N 149-FZ, dated 27.07.2006 (as revised on 02.12.2019) "On information, information technology and information security", documenting the above types of information implies using legal, organizational and technical measures aimed at: 1) providing information security from unauthorized access, destruction, modification, blocking, copying, presenting, dissemination, and other wrongful actions in relation to such information; 2) ensuring confidentiality of restricted information: 3) exercising the right for access to information. Based on the analysis and generalization of scientific and practical materials about information support organized in industrial enterprises [2,3], it should be concluded that if an enterprise lacks a system approach to information support, protection of information contained in local regulatory documents, and in case the rules of accessing external regulatory documents with restricted application are not complied with, considerable risks can arise, such as: 1. Untimely provision of regulatory documents (purchase of external regulatory documents, development and update of local regulatory documents), resulting in noncompliance with the terms of product delivery to counteragents stipulated in a contract; 2. Application of regulatory documents that have become obsolete, which entails breach in the terms and conditions of contracts on product delivery related to quality and time; 3. Violation of the terms of license agreements for the application of regulatory documents implying unjustified spending of the enterprise's resources; 4. Leakage of confidential information (trade secret) specified in regulatory documents. The above problems should be tackled promptly and efficiently if enterprises use systems of regulatory documents.
Given the afore-mentioned goals of regulatory support of the activities of an enterprise and the expected risks which may arise in the course of the regulatory support process, it seems reasonable to consider possible solutions to the problems about supporting the activities of an enterprise and complying with contract obligations: 1. Organizing the process of purchasing regulatory documents ensuring the needs of the enterprise, which excludes the risk of violating the terms of contracts for their purchase; 2. Organizing the development and update of local regulatory documents -company standards, technical conditions; 3. Organizing the presentation of regulatory documents to employees in the subdivisions of the enterprise (organizing document circulation); 4. Providing limited access to the information presented in local regulatory documents on standardization to third parties when the former ones are developed and then applied in the enterprise's subdivisions.
Let us consider the possible solutions to the mentioned tasks of information support, problems related and the ways to overcome them.

Materials and methods
Since it is essential that information support systems should be introduced in enterprises in order to ensure effective application of management systems, systems of standards regulating this type of activity started to be developed and applied. Analyzing and comparing the requirements in the standards GOST R 43.0.1-2005 Informational ensuring of equipment and operational activity. General, GOST 34.003-90 Information technology. Set of standards of automated system. Automated systems. Terms and definitions. Intercountry standard, made it possible to formulate the goals of information support, as well as identify, document and implement the main information processes.
Observing the processes of organizing information support in industrial enterprises involved in piece and serial production allowed us to obtain enough information about the opportunities and problems arising as they take place.
System approach to researching the process of information support made it possible to establish the place and role of regulatory support for full-fledged implementation of the functions of management systems applied in enterprises and to highlight it as a constituent of the totality of processes described in ISO 9001:2015 "Quality management systems. Requirements".
An industrial enterprise has to adapt to forever occurring changes in the business environment by transforming its own behavior, operational practices and business processes. That is why the information system of an enterprise must maintain operative efficiency of E3S Web of Conferences 164, 09013 (2020) TPACEE-2019 https://doi.org/10.1051/e3sconf /202016409013 the existing business model and, at the same time, to ensure the necessary level of flexibility so that it could fit into future unpredictable changes in requirements.
So, a major element in managing processes is a model of a flexible information system of an enterprise, defined as a working system that has to eliminate most of the possible gaps caused by external events by gradual change of its own parameters [4].
The local regulatory documents regulating the process of enterprises' information support and security have been compared to the requirements of the laws and regulations, international and national standards, and thus it has become possible to harmonize all these requirements and create prerequisites for successful confirmation of the conformity of management systems.
Describing the practical experience in providing information support in enterprises will allow us to spread progressive approaches and methods of information support and to create effective management systems.

Organizing the purchasing process of regulatory documents to meet the needs of the enterprise
The basic condition for the timely purchase of the regulatory documents the enterprise needs is to plan this purchase and to finance unscheduled (operative) purchase of regulatory documents.
Given that regulatory documents are applied at all stages of the product life cycle in which the manufacturing enterprise takes part, the most important organizational requirement is to synchronize the process of purchasing the materials, semi-finished produces and component parts, R&D plans, and standardization work plans of the enterprise with the process of financial planning of information support.
The sufficiency of financial means for purchasing regulatory documents during planning can be ensured with investigating the main sources of information about the cash needs for purchases of regulatory documents: 1. Analyzing the materials on the average need for money by contracts for the purchase of regulatory documents for the periods, preceding the current one.
2. Analyzing the contracts for the delivery of materials, semi-finished products and component parts, product design and manufacturing in the enterprise for the target year and by putting together the applications for the purchase of regulatory documents.
3. Analyzing the amount of regulatory support funding according to unscheduled applications in the previous target periods and creating an operative reserve of money for unscheduled purchase of regulatory documents.
The above approach to planning the financial resources for the purchase of regulatory documents implements the requirements of Federal Law N 44-FZ dated 05.04.2013 "On the contract system in the field of purchase of goods, work, services to provide for the state and municipal needs".
Federal law N 223-FZ dated 18.07.2011 "On the purchase of goods, work, services by some types of legal entities" (last revision), among other legal norms, guarantees that the rights and interests of all subjects involved in purchasing are complied with. According to the practice of organizing information support in an enterprise, the obligations of fulfilling pre-contract work aimed at purchasing regulatory documents are normally put on the company officials in the standardization and technical regulation subdivisions, who have the competences necessary for preparing draft contracts.
The workers of the subdivisions responsible for the preparation of draft contracts for the sale of goods, when drawing up and signing the contracts with a customer can pay no attention to additional requirements (as a rule initiated by the customer) for purchase and further handover to the customer of regulatory documents used during manufacturing of the goods. In case there is such a term in the main contract (for the delivery of goods), the enterprise organizes a purchase of the required regulatory documents. At the same time, the further contract for the purchase of regulatory documents, as a rule, has to include a license agreement, which puts a ban on handing over the regulatory documents to third parties, which means there is risk of violating the license agreement. This problem (contradiction between the terms of the contracts) can be solved in case the functions of the enterprise's subdivisions are correctly assigned, in particularly, by making the standardization subdivision responsible for the control over all draft contracts the enterprise plans to come into if their terms imply purchasing or handing over regulatory documents to third parties.
The Figure 2 below shows all the stages of individual planning process of purchases in the subdivision responsible for information support of production. When purchase activities are arranged in the field of information support, special attention should be given to organizing the conclusion and execution of contracts for the delivery of regulatory documents.
When contract work is organized in the field of information support, attention should be devoted to the competence of the personnel who are involved in the preparation of purchase contracts and control that the terms of the contracts are fulfilled. This requirement can be met by selecting well-qualified employees who have experience of contract work and by organizing their continuous learning given the changing requirements of the international and national laws.
For many industrial enterprises it is common in pre-agreement work to apply electronic systems for approving contract drafts on purchase of regulatory documents [5]. Today this approach is one of the most important conditions for efficient purchase of the necessary regulatory documents. In case electronic approval is used, the expected economy of time spend on this approval can be up to 25% of the time necessary for agreeing upon a contract on paper media. The positive qualities of electronic approval is the timing of approval of an agreement (contract), and the requirement for motivated rejection of the approval.
One of the problems arising when this method of approval is used can be the lack of electronic signatures of the company's employees.
When a draft contract for the delivery of regulatory documents is drawn up and negotiated, one of the essential terms of the contract is a license agreement, which regulates the procedure of applying the purchased regulatory documents. According to [6], a contract for the purchase of regulatory documents can imply that the enterprise is provided with a single-user or multiple-user license. It can vary significantly in cost and the time granted for using a regulatory document.
Thus, a single-user license implies the user of the regulatory documents has the right to do the following things for an unlimited period of time:  To print out one PDF copy of a standard for personal use;  To download and browse electronic versions of the documents on a PC.
At the same time the user is not allowed to:  Post a regulatory document in the global network, Intranet or an internet shop;  Save an electronic document in a corporate network available for third parties;  Provide access to the electronic document to a third person;  Scan or reproduce electronically the document presented on paper media;  Further reproduce or photocopy the standard purchased or printed out from an electronic copy of the document;  Remove, hide or change the contents or other marking on the documents.
A multi-user license implies the following rights of the user of the regulatory documents for a period of one year minimum:  Store the document in the internal network of the enterprise;  Print out the document for personal use.
At the same time the user cannot:  Post in the global network or an internet shop;  Remove, hide or change the contents or other marking on the documents.
Taking a decision on the purchase of a multi-user or a single-user license for regulatory documents is one of the basic conditions for ensuring effective contract work and preventing risks related to the breach (non-compliance) with the terms of the contract for the delivery of regulatory documents.
International standards, regional standards and regional sets of rules, foreign countries' standards and sets of rules, other standardization documents of foreign countries are applied in accordance with the international treaties of the Russian Federation and Federal Law N162-FZ "On standardization in the Russian Federation".
When goods of an enterprise are delivered under international agreements (contracts), in addition to the need for purchasing international standards, regional standards and regional sets of rules, foreign countries' standards and sets of rules, other standardization documents of foreign countries, it also becomes essential to translate them into the language of the user's country in a licensed way. This circumstance leads to two typical solutions:  buying the translated document from the right holder;  making a contract with a licensed translation company for translating foreign regulatory documents. The practice of organized translating, via making contracts with a licensed translation firm, proves that the time for making translations is considerable (from 2 weeks to 2-3 months). Given the specific features of this type of work, it is important that this time should be considered as well as the expected financial costs at the moment when information support is planned.
An important legal aspect of information support is the copyright of the developer of standards, which is spread not only on the originals of documents but also on their translations.
Translated standards are not official unless they are recognized as such by the developer of standards. Applying illegal copies of regulatory documents considerably increase the risks which can arise in the relations built with auditing and certifying bodies and counteragents.
When an enterprise (company) purchases a foreign standard, it can translate it by its own means and use it inside the enterprise (company) without any additional approval with the right holder. But if the translation is to be used outside your company, for accrediting a laboratory, manufacturing some equipment, running tests, etc., a legitimate translation into Russian must be officially bought from the right holder or its official distributor. In this case, you get a translation which is prepared in accordance with the requirements of the right holder, has a water mark with the name of your organization on every page, and the number of the order, by which both the right holder and the distributor can always confirm that you bought the translation legally.
When the time needed for the translation of regulatory documents is determined and a contract is made with a translation company, it is reasonable to follow the requirements PR 50.1.027-2014 Rules of standardization. Rules for providing translation and specialized types of linguistic services (Date of enforcement is 2014-05-01), which set time rates for making translations. When a contract is made for translating regulatory documents, there is an absolute requirement for the quality of the translated documents, which is based on translation strategy and methods. So, before a contract is signed, it seems reasonable to learn about the specialization of the company's translators and study the reviews of this company's customers [7].

Organizing the development of local regulatory documents -standards of an enterprise (organization)
Local regulatory documents -standards of organizations (enterprises) must be developed and updated routinely in accordance with the requirements of the Company Standardization Action Plan. Possible unscheduled development of standards is governed, as a rule, by:  update of national and intercountry standards;  discrepancies in the requirements of standards detected in audit check-ups of the enterprise's management systems and subdivisions;  development and introduction of new production processes, technology manuals;  new requirements for labor safety in the enterprise.
The following ones can be referred to system problems arising in the process of development (approval, application) of standards of organizations (enterprises):  rejections in approving a draft standard by relevant subdivisions (lack of solution to disputable requirements of the standard);  lack of obligatory legal analysis of draft standards developed in enterprises (organizations) to be carried out during expert examination of standards of organizations in Technical Standardization Committees. The main reason why disputes arise during approval of draft standards of organizations is because the developer has not considered the requirements of the regulations of the developer's department and other relevant subdivisions, and job descriptions of the workers participating in the processes.
A similar situation is faced in case there is no coordination between the requirements of the standards of organizations (enterprises) and the requirements of local laws and regulations on the basis of which the regulatory documents -standards are developed. When drafts of regulatory documents are drawn up, the requirements of RD 107.12.009-89 'Industry guidance document. The statute of organizational units and subdivisions of an organization or enterprise', and the principles stipulated in [8,9] should be considered. Such documents are modelled in terms of the obligations, permissions and prohibitions of the process participants for the actions limited by time restrictions and involving potential risks arising due to non-compliance with conditions. To minimize such risks at the stage when a regulatory document is drawn up, it is important that at least one basic rule of legal technology is used, i.e. the hierarchical pattern of regulatory documents, formulated in GOST R 58182-2018 Requirements for experts and specialists. Engineering documents normocontrol. Basic principles. This is the rule according to which a regulatory legislative act of a lower level cannot contradict an act of a higher level. An act of a lower level contains special norms in relation to an act of a higher level, extends and elaborates its provisions. Premised on the principle that standards cannot contradict laws and regulations, in this particular case, the regulations of subdivisions, job description, it is essential that when a draft standard is prepared, it should comply with the requirements of these documents and this compliance should be ensured via legal analysis of the draft standards. In order to reduce the time for developing standards, the stage of legal analysis should precede the normocontrol of draft standards.
The process of approval of the drafts of regulatory documents must be governed by a respective standard of an organization (enterprise). If the following conditions are complied with, a positive solution for all stakeholders (approval of the requirement of the standard) can be achieved:  with the opinion of every stakeholder on the considered draft standard being necessarily supported by a respective substantiation given the regulatory legislative acts in force, regulatory documents, technical documents;  by conducting approval meetings and giving the decision-making right to the head of the meeting;  by documented confirmation of substantiations on disputable issues, and taken decisions.
The normocontrol of the prepared draft standards is implemented in in accordance with the requirement of a local regulatory document.
When general requirements for normocontrollers, formulated in [10] are met, a mandatory condition for effective normocontrol of standards is that compliance assessors are specialized in the field of "Standardization Documents".
A very important condition for applying the company standard in an enterprise is the procedure of its enforcement (the stage completing the development).
According to clause 4.13 of GOST R 1.4-2004 Standardization in Russian Federation. Standards of organization. General provisions, the standards of an organization are approved by the chief executive (or his or her deputy) of the organization with an order and (or) with his or her personal signature on the title page of the standard in accordance with the procedure established in the organization.
The experience of work with regulatory standardization documents in industrial enterprises proves that it is reasonable to enforce the standards of organizations (enterprises) by issuing a respective order for the enterprise about the enforcement (with stipulation of the date of enforcement), which is signed by authorized officials. In case the approval of a standard is approached like that, the fact of non-compliance with the requirements introduced by an order of a regulatory document makes it possible to formulate such violation as non-compliance with a regulatory legislative act and will guarantee the necessary implementation practice.

Organizing the submission of regulatory documents to the subdivisions of an enterprise (organization of document circulation)
Purchased external documents and regulatory documents developed in an enterprise can be provided for use to the company employees, as a rule, either on paper or electronic information media. In the works dedicated to this topic, the authors who are sure of the completeness and sufficiency of information presented to the users only on electronic media highlight the weaknesses of the applied information systems [11].
The available experience in organizing information support proves that there is demand for regulatory documents both in electronic format in electronic information bases of enterprises and those on paper media. Table 1 presents the positive (preferred) and negative (unacceptable) qualities of electronic and paper documents for the purposes of information support. Energy dependence of information media -+ 10 Capability of applying regulatory documents at workplaces (in technology processes) excluding the possibility of using electronic media -+ Note -confirmed by experience of using information media in management systems of machinebuilding enterprises involved in piece-and mass production. Measuring the advantages of standards in digital form, substantiated in [12], the authors also highlight a low level of their development in terms of the information support of an enterprise, which makes the use of paper documents quite reasonable.
According to the analyzed data in Table 1, it seems sensible and necessary to apply both paper and electronic documents. Employees of an enterprise should be provided with regulatory documents following the equirements of the company standard developed on the basis of national standards: Library collection. Collection development technology. When information support is organized based on paper regulatory documents, it is essential that the framework of the information support system includes experts responsible for standardization from every relevant subdivision of the enterprise. The responsibility of these workers for the execution of work related to the provision and storage of regulatory documents should be documented by an order (decree) for the subdivision (enterprise).
The process of providing the standards to the workers does not finish the cycle of information support. The next stage is to teach the personnel to the requirements of the regulatory documents and, most importantly, the procedure of their application. The process of training the personnel to apply the regulatory documents is subject to planning as it implies distracting the workers from their functional duties and involving additional financial means. Due to this, the structure of the Company Standardization Action Plan must envisage the section "Personnel Training".

Providing limited access to the information contained in local regulatory documents on standardization during development and in the process of application in the enterprise's subdivisions
Access of third parties (who are neither company workers, nor the representatives of the counteragents on product deliveries) to the regulatory documents entails the following risks: 1. In case of external regulatory documents, there can be violation of the license agreement with the supplier (developer of the regulatory document) with the purchaser of the regulatory documents being held liable and bearing possible unscheduled financial costs.
2. In case of local regulatory documents (standards), there can be leakage of confidential information (information containing a trade secret).
The practice of organizing an effective document circulation of regulatory documents tried and tested in industrial enterprises allows us to recommend that regulatory documents should be used on two types of media simultaneously, i.e. both on electronic and paper media. In case paper regulatory documents are used, unauthorized access to information can occur in the following cases:  unauthorized copying of the documents;  non-compliance of the employees responsible for the organization of document circulation with their job duties;  lack of persons responsible for submission and storage of the regulatory documents in the subdivisions;  loss of documents during implementation of the stages of the product life cycle by company employee. When electronic regulatory documents are used, unauthorized access to information can occur in the following cases:  Lack of control and non-compliance with the access mode to the electronica bases of regulatory documents by the company employees (persons on the premises of the enterprise);  Unauthorized copying of regulatory documents on external information tanks;  Access to the electronic bases of regulatory documents by external organizations (external control). In order to prevent unauthorized access to the electronic bases of the regulatory documents, the following access mode should be set: 1. Access to managing the document bases should be granted to a limited number of workers who are specially trained in accordance with their job descriptions. The responsibility for preserving the information must be legally documented in orders (decrees) on personnel.
2. To ensure differentiated user access to various types of documents. Application of the relevant software. The process of application of the information contained in the electronic bases of regulatory documents must be governed with a local regulatory document.
3. To limit the possibilities for unauthorized copying of the documents. 4. To inform the company employees about the requirements of the regulatory legislative acts for treating confidential information and information containing a trade secret.
5. Within audit check-ups of the first party, to organize control over application of unaccounted copies of regulatory documents.
In order to make information support on paper media effective (timely, up-to-date, without information leakage), a system of paper document circulation should be created including the following:  a manpower unit ensuring circulation of regulatory documents within the limits of the enterprise and in the production subdivisions. This refers to setting up a standardization subdivision (appointing an official) which organizes purchase, development, storage, accounting, distribution, control of circulation and application of regulatory documents.  officially appointed experts, responsible for violation of the rules of document circulation, in the subdivisions involved in the receipt, storage, provision of company employees, and disposition of regulatory documents. On the basis of the above approaches to the practice of providing regulatory documents, Figure 3 presents a model of information support which is recommended for application in an industrial enterprise. Concluding the topic of information support of enterprises, it should be noted that the key element of any program of information support is proper human resourcing. As a rule, organizations do not have enough employees that are qualified to achieve the goals of the information programs. So, it is very important to evaluate the presence and qualification of the manpower and to make sure that you can fulfill all the planned objectives [13].

Discussion
The main advantage of the methodological approach to organizing information support presented in this paper is the focus on the interests of an industrial enterprise and the specified ways to overcome the expected risks. The process of regulatory support as a component process of an enterprise's management system ensures the condition of complying with the requirements of the product consumer.

Conclusion
1. In order to create an effective system of regulatory support in an enterprise, the following objectives must be fulfilled given the specifics of a concrete enterprise:  a competent organizational structure must be set up to provide information support;  all types of activity in terms of regulatory support of the enterprise must be planned;  the purchase of the necessary regulatory documentation must be organized;  document circulation and information system support must be organized and regularly updated;  it is necessary to organize company employees' training concerning the issues related to keeping and applying regulatory documents;  information security must be provided when regulatory documents are circulated and used.
2. The main rules of organizing regulatory support of an enterprise are formulated aimed at preventing risks arising in the process of information support of the enterprise.
3. The functional model of an enterprise's information support is prepared and presented.
4. The requirements for applying a system approach to the organization of information support are substantiated.
5. The principle of information support of an enterprise with simultaneous application of documents on paper and electronic media is substantiated and suggested.