Security act
Operators of ICT systems of special importance are usually required to have and implement a security act. The security act regulates protection measures, principles, manner and procedures for achieving an adequate level of system security, as well as authorisations and responsibilities related to the security and resources of the ICT system of special importance . The operator of the ICT system of special importance has to check the compliance of the applied measures in the ICT system with the security act at least once a year.
Each protection measure, e.g. making regular data backups , should be described in as much detail as possible. In addition to the description, the measure should contain the principles and procedures that will be applied during its implementation.
After describing the measures and referring to the principles and procedures, the security act should determine the responsible person for each measure, which is obliged to make sure that the measures are respected in practice.
Data backup CERT