|
|
|
Security measures guidelines
|
| |
7. (1) The Minister may, for the purpose of providing practical guidance to providers, having consulted with the Commission and such other persons as he or she may consider appropriate—
|
|
| |
(a) prepare and publish guidelines on the implementation of technical and organisational measures to manage the risks posed to the security of networks and services, and
|
|
| |
(b) approve guidelines, or any part of guidelines, on the implementation of technical and organisational measures to manage the risks posed to the security of networks and services made or published by another person,
|
|
| |
(each referred to in this Act as “security measures guidelines”).
|
|
| |
(2) Without prejudice to the generality of subsection (1), security measures guidelines may relate to any of the following:
|
|
| |
(a) the risks posed to the security of networks and services;
|
|
| |
(b) the types of measures considered appropriate for securing electronic communications networks and services;
|
|
| |
(c) guidance on the implementation methods of specified measures;
|
|
| |
(d) standards or technical specifications that may be considered appropriate for the implementation of specified measures;
|
|
| |
(e) certification schemes that may be considered appropriate to adopt for the implementation of specified measures;
|
|
| |
(f) commencement times for certain measures;
|
|
| |
(g) transitional provisions for providers.
|
|
| |
(3) Before publishing or approving security measures guidelines, the Minister shall publish a draft of the proposed guidelines on a website maintained by or on behalf of the Department of the Environment, Climate and Communications and allow a period of 30 days beginning on the day on which the draft is published during which persons may make written representations in relation to the proposed guidelines.
|
|
| |
(4) The Minister may, having considered any representations received during the period specified in subsection (3), publish or, as the case may be, approve the guidelines with or without modification.
|
|
| |
(5) Where the Minister approves guidelines he or she shall publish the approved guidelines or a notice to that effect.
|
|
| |
(6) Where the Minister is satisfied that security measures guidelines are required urgently in order to prevent a serious imminent risk to the security of networks and services, to the health or safety of persons or to property, the Minister may publish or approve the guidelines without consulting in accordance with subsection (3).
|
|
| |
(7) The Minister may publish security measures guidelines in such form or manner as he or she considers appropriate, including on the internet, and any security measures guidelines published shall specify the date from which they have effect.
|
