Post by mehedi15a on Mar 12, 2024 11:12:43 GMT 2
Heavy, and I include myself, and that is why I will place special emphasis on making this article easy to read, focusing only on the most relevant aspects. This is a standard that defines how to manage cybersecurity in companies that operate critical or essential services. What companies are you referring to? Here I quote verbatim what the standard says:

In accordance with article 2 of Royal Decree-Law 12/2018, of September 7, this royal decree will apply to the provision of:
a) Essential services dependent on information networks and systems included in the strategic sectors defined in the annex to Law 8/2011, of April 28, which establishes measures for the protection of critical infrastructures.
b) Digital services that are online markets, online search engines and cloud computing services.

They will be subject to this royal decree:
a) Essential service operators established in Spain.
It will be understood that an operator of essential services is established in Spain when its residence or registered office is in Spanish territory, provided that these coincide with the place where the administrative management and direction of its businesses or activities are effectively centralized. Likewise, this royal decree will apply to the essential services that operators resident or domiciled in another State offer through a permanent establishment located in Spain.
b) Digital service providers that have their registered office in Spain and constitute their main establishment in the European Union, as well as those that, not being established in the European Union, designate their representative in the Union in Spain for compliance with Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 on measures to ensure a high common level of security of networks and information systems in the Union.
And does not apply to:
a) Operators of electronic communications networks and services and trusted electronic service providers who are not designated as critical operators under Law 8/2011, of April 28.
b) Digital service providers when they are micro or small businesses, in accordance with the definitions set out in Commission Recommendation 2003/361/EC of 6 May 2003 on the definition of micro, small and medium-sized businesses.

And what do these companies have to apply? Once the companies that are affected have been identified, this standard says that they must comply with the National Security Scheme, high level. What implications does the application of this standard have? To begin with, the security policies that must be established must contemplate the following actions:
- Carry out the corresponding risk management analysis
- Manage risks originated by third parties or suppliers
- Define the catalog of security.