The list of subjects of critical information system Affirmed
14 March, 2013

On March11, 2013 President of Georgia approved the list of subjects who are subordinated under the critical information system category in accordance with the law of Georgia on Information Security, section 3 paragraph 2.

The above mentioned decree clearly borders the organizations, which are required to carry out the regulations considered by the law of Georgia on Information Security.

The regulations, which were mentioned, on the one hand, are law enforcement mechanisms as they define in detail the important aspects of the information and cyber security and, on the second hand, help information system subjects in the process of better implementing the law.

Data Exchange Agency will periodically carry out various consultancy services – trainings for respective personnel, phone support and monitoring the process of fulfillment of law requirements – for those organizations, which are granted the status of subject of critical information system.

Withal, in accordance with the law on Information Security, Data Exchange Agency formulated the following regulatory acts:

1) Decree on “Data Exchange Agency support group on computer incidents”;
2) Decree on “Approving minimal standards to the subject of the critical information system’s information security manager”;
3) Decree on “The rules for configuring the network sensor”;
4) Decree on “Information security minimal requirements”;
5) Decree on “The rule of authorizing of the person and organization having the right to carry out the information security audit”;
6) Decree on “The rule of conduct of the information security audit”;
7) Decree on “The rule for managing the information assets”.

The list of subjects of critical information system is available on the following link: