The article presents an information model for ensuring the security of personal data in information systems, based on the Secure Remote Password protocol and Russian cryptographic algorithms GOST R34.12-2015 (“Kuznechik”) and GOST 34.11-2018 (“Stribog”). An analysis of threats and vulnerabilities of the information systems, the regulatory framework and modern methods of protecting personal data is carried out. A modular software implementation has been developed that is resistant to the main types of attacks, including traffic interception, man-in-the-middle attacks and database leaks.