[ad_1]
Uzbekistan adopted its first Legislation “On Cybersecurity” (No. ORQ-764 dated 15 April 2022) (the Legislation), which comes into drive on July 17, 2022. We beforehand knowledgeable you that the draft regulation was below dialogue in Uzbekistan’s parliament, the Oliy Majlis.
The total textual content of the Legislation is accessible right here (in Uzbek and Russian).
Is it related for my enterprise?
The brand new necessities might have an effect on your enterprise in case you possess (below the best of possession, lease or different authorized floor), function or interoperate info techniques used within the following areas (“vital amenities”):
- Public administration and the supply of public companies
- Protection
- Nationwide safety
- Legislation enforcement
- Gas and vitality industries (together with nuclear vitality)
- Chemical, petrochemical industries
- Metallurgy
- Water administration and water provide
- Agriculture
- Public well being
- Housing and utility companies
- Banking and finance
- Transportation
- Data and communication applied sciences
- Ecology and environmental safety
- Extraction and processing of minerals of strategic significance
- Manufacturing
- Different sectors of the financial system and the social sphere.
Who’s the cybersecurity regulator?
The State Safety Service of the Republic of Uzbekistan is the regulator within the area of cybersecurity. The Workplace of the President of the Republic of Uzbekistan units out a unified public coverage associated to cybersecurity.
How can these adjustments have an effect on your enterprise?
Operators of vital amenities could have the next obligations:
- Adjust to cybersecurity necessities outlined by the regulator,
- Implement above-standard cybersecurity necessities as soon as accredited by the regulator,
- Guarantee steady operation of vital amenities,
- Make sure the storage of information of vital amenities (by making a backup copy) for no less than the final three months,
- Present the regulator with entry rights to watch the state of cybersecurity and join the company cybersecurity system with the regulator’s cybersecurity incident monitoring and administration system,
- Certify the {hardware}, firmware and software program,
- Set up and function monitoring techniques to stop cyber-attacks, remove their penalties, and reply to cybersecurity incidents,
- Adjust to the regulator’s directions to remove detected violations,
- Forestall unlawful distribution, theft, loss, violation of the completeness, blocking and falsification of information, in addition to different varieties of unauthorized entry (entry), to take well timed applicable measures when detecting such incidents
- If relevant, conduct a cybersecurity certification, cybersecurity compliance evaluation and cybersecurity evaluation,
- With respect to a cybersecurity incident:
- Make sure the functioning of Pc Assault Detection and Response Facilities, and of their absence, outsource such companies with the regulator’s permission,
- Notify the regulator about incidents and cybercrimes,
- Take measures to stop the lack of related digital traces to completely uncover incidents,
- Present everlasting storage of data wanted for cybersecurity incident analyses and cybercrime investigations,
- Take actions to attenuate the adverse penalties and measures to revive entry promptly.
What actions ought to be taken?
When you assume your enterprise qualifies as a vital facility, it’s essential to be ready with an motion plan within the occasion the regulator lists your enterprise within the single register of vital amenities. Such qualification might result in sure monetary prices (e.g., shopping for {hardware} and software program accredited by the regulator) in addition to organizational adjustments (e.g., making a particular cybersecurity crew of specialists duly licensed by the regulator, liaising with the regulator).
[ad_2]
Source link