Essence of the Resolution:
The document establishes detailed requirements for risk management of safety at critical infrastructure facilities of the first criticality category. It defines the procedure for creating a risk management system, main types of risks, and principles for their assessment. It regulates the responsibilities of critical infrastructure operators in ensuring the safety of such facilities.
Structure and Main Provisions:
1. Defines the scope of application and basic terminology
2. Establishes 5 main types of risks: material, cybersecurity, human factor, interconnection disruption, process-related
3. Regulates the creation of a risk management system based on 6 principles
4. Defines the procedure for risk assessment, monitoring, and reporting
5. Sets requirements for personnel and documentation
Key Provisions for Application:
– Operators must create a separate unit or appoint a person responsible for risk management
– Mandatory preparation of a risk profile and a security measures plan
– Annual reporting to sectoral bodies by January 30
– Mandatory use of national and international risk management standards
– Risk relevance review must be conducted at least once a year