Resolution Essence:
The document establishes detailed requirements for managing safety risks at critical infrastructure facilities of the first criticality category. It defines the procedure for creating a risk management system, the main types of risks, and the principles for assessing them. The resolution aims to prevent incidents at critically important facilities and to minimize their consequences.
Structure and Main Provisions:
1. Five main types of risks are identified: material, cybersecurity, human factor, interconnection disruption, and process risks.
2. Principles of the risk management system are established: integration, structuredness, individuality, dynamism, proper awareness, and minimization of the human factor.
3. A risk assessment procedure is defined, consisting of risk identification, analysis, and processing.
4. Reporting requirements are established – annual submission of reports by operators to sectoral bodies and by sectoral bodies to the State Special Communications Service.
Key Provisions for Application:
– Critical infrastructure operators must create a separate unit or appoint a person responsible for risk management
– Internal documents on risk management and a facility-level security action plan must be developed
– Risk assessment must be conducted at least once a year
– The risk management system must comply with national and international standards, including DSTU IEC/ISO 31010:2013 and NIST SP 800-53