xmlns:atom="http://www.w3.org/2005/Atom" xmlns:atom="http://www.w3.org/2005/Atom"

Please note that the date you requested in the address for this web page is not an actual date upon which a change occurred to this item of legislation. You are being shown the legislation from , which is the first date before then upon which a change was made.

ANNEX IIU.K.ECI OSP PROCEDURE

The OSP will identify critical infrastructure assets and which security solutions exist or are being implemented for their protection. The ECI OSP procedure will cover at least:

1.

identification of important assets;

2.

conducting a risk analysis based on major threat scenarios, vulnerability of each asset, and potential impact; and

3.

identification, selection and prioritisation of counter-measures and procedures with a distinction between:

  • permanent security measures, which identify indispensable security investments and means which are relevant to be employed at all times. This heading will include information concerning general measures such as technical measures (including installation of detection, access control, protection and prevention means); organisational measures (including procedures for alerts and crisis management); control and verification measures; communication; awareness raising and training; and security of information systems,

  • graduated security measures, which can be activated according to varying risk and threat levels.