Resolution Essence:
\nThe document establishes detailed requirements for risk management of safety at critical infrastructure facilities of the first criticality category. It defines the procedure for creating a risk management system, main types of risks, and principles of their assessment. The resolution aims to prevent incidents and minimize their consequences at critically important facilities.<\/p>\n
Structure and Main Provisions:
\n1. Five main types of risks are identified: material, cybersecurity, human factor, interconnection disruption, and process risks.
\n2. Principles of the risk management system are established: integration, structuredness, individuality, dynamism, proper awareness, and minimization of the human factor.
\n3. The procedure for risk assessment through their identification, analysis, and processing is defined.
\n4. Reporting requirements are established – annual submission of reports by operators to sectoral bodies and by sectoral bodies to the State Special Communications Service.<\/p>\n
Key Provisions for Application:
\n– Critical infrastructure operators must create a separate unit or appoint a person responsible for risk management
\n– Internal documents on risk management and a facility-level security action plan must be developed
\n– Risk assessment must be conducted at least once a year
\n– The risk management system must comply with national and international standards, including DSTU IEC\/ISO 31010:2013 and NIST SP 800-53<\/p>\n