Skip to content Skip to sidebar Skip to footer

On Approval of Requirements for Risk Management of Security at Critical Infrastructure Facilities of Category I Criticality

Resolution Essence:
The document establishes detailed requirements for risk management of safety at critical infrastructure facilities of the first criticality category. It defines the procedure for creating a risk management system, main types of risks, and principles of their assessment. The resolution aims to prevent incidents and minimize their consequences at critically important facilities.

Structure and Main Provisions:
1. Five main types of risks are identified: material, cybersecurity, human factor, interconnection disruption, and process risks.
2. Principles of the risk management system are established: integration, structuredness, individuality, dynamism, proper awareness, and minimization of the human factor.
3. The procedure for risk assessment through their identification, analysis, and processing is defined.
4. Reporting requirements are established – annual submission of reports by operators to sectoral bodies and by sectoral bodies to the State Special Communications Service.

Key Provisions for Application:
– Critical infrastructure operators must create a separate unit or appoint a person responsible for risk management
– Internal documents on risk management and a facility-level security action plan must be developed
– Risk assessment must be conducted at least once a year
– The risk management system must comply with national and international standards, including DSTU IEC/ISO 31010:2013 and NIST SP 800-53

Full text by link

Leave a comment

E-mail
Password
Confirm Password
Lexcovery
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.