09.08.2016

On approval of the Rules and criteria for classifying objects of information and communication infrastructure to critical facilities information and communication infrastructure

      Unofficial translation

      In accordance with subparagraph 4) of article 6 of the Law of the Republic of Kazakhstan dated November 24, 2015 "On informatization" the Government of the Republic of Kazakhstan HEREBY DECREES:

      1. to approve the attached:

      1) Rules for classifying objects of information and communication infrastructure to critical facilities information and communication infrastructure;

      2) Criteria for classifying objects of information and communication infrastructure to critical facilities information and communication infrastructure.

      2. This decree shall come into force upon expiry of ten calendar days after the date of its first official publication.

      Prime Minister
      of the Republic of Kazakhstan К. Massimov

  Approved by the decreeof the Government of the
  Republic of Kazakhstan
dated September 8, 2016 no. 529

Rules for classifying objects of information and communication infrastructure to critical facilities information and communication infrastructure 1. General provisions

      1. These Rules for classifying information and communication infrastructure facilities as critical information and communication infrastructure facilities (hereinafter referred to as the Rules) have been developed in accordance with Article 6, paragraph 4, of the Law of the Republic of Kazakhstan "On informatization" and shall determine the procedure for classifying Information and communication infrastructure facilities as critical information and communication infrastructure facilities.

      Footnote. Paragraph 1 - as amended by the resolution of the Government of the Republic of Kazakhstan dated 26.10.2022 No. 849 (shall enter into force upon expiry of ten calendar days after the day of its first official publication).

      2. The following main definitions shall be used in these Rules:

      1) authorized body in the field of information security (hereinafter referred to as the authorized body) - the central executive body that carries out management and intersectoral coordination in the field of information security;

      2) information and communication infrastructure - information systems, technological platforms, hardware and software complexes, server rooms (data centres), telecommunication networks, as well as systems ensuring information security and uninterrupted operation of technical devices;

      3) information and communication infrastructure – a set of the objects of information and communication infrastructure intended to ensure the functioning of the technological environment in order to generate electronic information resources and provide access to them;

      4) critical information and communication infrastructure facilities (hereinafter referred to as CICIF) - information and communication infrastructure facilities, violation or termination of the functioning of which shall lead to illegal collection and processing of personal data of limited access and other information containing secret protected by the Law, social and (or) technogenic nature or significant negative consequences for defense, security, international relations, economy, individual spheres of economy or life of the population living in the relevant territory, including infrastructure: heat supply, power supply, gas supply, water supply, industry, healthcare, communications, banking, transport, hydraulic structures, law enforcement, "electronic government".

      Footnote. Paragraph 2 as amended by the decree of the Government of the Republic of Kazakhstan dated 09.04.2018 № 179 (shall enter into force upon expiry of ten calendar days after the date of its first official publication); No. 1047 of 31.12.2019 (shall be enacted ten calendar days after the date of its first official publication); No. 12 of 18.01.2021 (shall be put into effect ten calendar days after the date of its first official publication); dated 26.10.2022 No. 849 (shall enter into force upon expiry of ten calendar days after the day of its first official publication).

2. Порядок for classifying objects of information and communication infrastructure to critical facilities information and communication infrastructure

      3. Objects of information and communication infrastructure shall be classified as critically when meeting at least one of criteria of classifying the objects of information and communication infrastructure to critical objects of information and communication infrastructure (hereinafter referred to as the criteria) and shall be subject to introduction to the list of critical objects of information and communication infrastructure, approved by the Government of the Republic of Kazakhstan , (hereinafter referred to as the list).

      4. The authorized body annually, no later than February 1, shall send to the central state and local executive bodies, holders (owners) of strategic objects, critical state objects , objects of economy sectors, which have strategic significance, request on existing objects of information and communication infrastructure corresponding to at least one of criteria (hereinafter referred to as the request).

      5. Central state and local executive bodies, holders (owners) of strategic objects, critical state objects, objects of economy sectors, which have strategic significance, annually, no later than March 1, on the basis of a request, shall submit proposals to the authorized body for consideration to include objects of information and communication infrastructure in the list with documents and other materials justifying such compliance.

      5-1. In order to ensure the country's security, the authorized bodies in the field of defense, civil protection and national security bodies, on their own initiative, shall submit proposals to the authorized body for inclusion of information and communication infrastructure objects in the list and (or) exceptions from it, with the application of documents and other materials substantiating such compliance, within the time periods established by paragraph 5 of these Rules.

      Footnote. The Rules have been added with paragraph 5-1 in accordance with the decree of the Government of the Republic of Kazakhstan dated 26.12.2018 № 892 (shall enter into force upon expiry of ten calendar days after the date of its first official publication).

      6. The authorized body for the consideration and analysis of proposals of central state and local executive bodies, holders (owners) of strategic objects, critical state objects, objects of economic sectors, which have strategic significance, shall form a commission from among specialists of public associations in the field of information security, as well as officials responsible for ensuring information security in an authorized body, national security bodies, civil defense and defense (hereinafter referred to as the commission).

      Footnote. Paragraph 6 as amended by the decree of the Government of the Republic of Kazakhstan dated 26.12.2018 № 892 (shall enter into force upon expiry of ten calendar days after the date of its first official publication).

      7. The Commission shall examine the proposals, documents and materials submitted and make a recommendation:

      1) on the inclusion of an information and communication infrastructure object in the list;

      2) on rejection of the application for inclusion of an information and communication infrastructure object in the list;

      3) on removal of the information and communication infrastructure object from the list of essential information and communication infrastructure as per paragraph 11 hereof.

      Footnote. Paragraph 7 - as reworded by Decree of the Government of the Republic of Kazakhstan № 12 of 18.01.2021 (shall be put into effect ten calendar days after the date of its first official publication).

      8. The recommendation of the commission shall be recorded in a protocol, containing the following information:

      1) date and venue of the meeting

      2) committee structure;

      3) number of applications reviewed;

      4) the commission's recommendation for each ICT infrastructure object, justifying whether it meets or does not meet the established criteria.

      Footnote. Paragraph 8 - as reworded by Decree of the Government of the Republic of Kazakhstan No. 12 of 18.01.2021 (shall be enacted ten calendar days after the date of its first official publication).

      9. In case of rejection of the application for inclusion of the object of information and communication infrastructure in the list, the authorized body no later than ten working days from the date of the decision shall send a notification indicating the reasons for the refusal to the appropriate central state and local executive body, the holder (owner) of strategic objects, especially important state objects , objects of industries of strategic importance.

      10. The competent authority shall take one of three decisions based on the minutes of the commission:

      1) on the inclusion of an information and communication infrastructure object in the list;

      2) on rejection of the application for inclusion of an information and communication infrastructure object in the list;

      3) on removal of an information and communication infrastructure object from the list of critical information and communication infrastructure.

      The competent authority shall compile the list and submit it to the Government of the Republic of Kazakhstan for approval no later than 1 July of each year under the procedure established by law. The list shall be accompanied by the minutes of the commission and applications of central state and local executive bodies, owners (possessors) of strategic facilities, particularly important state facilities, facilities of strategic importance to the economy sectors.

      Footnote. Paragraph 10 - as reworded by Decree of the Government of the Republic of Kazakhstan No. 12 of 18.01.2021 (shall come into force ten calendar days after the date of its first official publication).

      11. The list shall be updated annually by the authorized body on the basis of proposals from central state and local executive bodies, holders (owners) of strategic facilities, critical government facilities, facilities of economic sectors of strategic importance in connection with the cessation of industrial operation of a critical facility of information and communication infrastructure or a change in the functionality of the critical information and communication facility infrastructure that entailed the loss of compliance with the criteria or the identification of a new object of information and communication infrastructure that meets at least one of the criteria.

      The authorized body shall consider proposals of central state and local executive bodies, owners (owners) of strategic objects, especially important state objects, objects of industries of strategic importance, in accordance with the procedure provided for by paragraphs 6-10 of these Rules.

      12. Amendments and (or) additions to the list shall be made when necessary according to the procedure established by these Rules and legislation.

  Approved by the decree
of the Government
of the Republic of Kazakhstan
dated September 8, 2016 no. 529

Criteria for classifying objects of information and communication infrastructure to critical facilities information and communication infrastructure

      1. Influence of the object of information and communication infrastructure on the continuous operation of critical state facilities, in the event of a malfunction of which the activities of critical state objects will be stopped.

      2. Influence of the object of information and communication infrastructure on the continuous and safe operation of strategic objects, in case of disruption of which the activity of strategic objects will be stopped or a threat of an emergency of man-made character will arise.

      3. Influence of the object of information and communication infrastructure on the continuous and safe operation of objects of economic sectors of strategic importance, if its functioning is disrupted, the activities of objects of economic sectors of strategic importance will be stopped, or a man-made emergency will occur.

      4. The impact of the information and communication infrastructure facility on ensuring the sustainable functioning of the electronic government informatization facility and other information and communication services, the partial or complete violation (termination) of the functioning of which may lead to the illegal collection and processing of personal data of limited access and other information containing secret protected by the Law, an emergency of a social nature.

      Footnote. The criteria are added with paragraph 4 in accordance with the decree of the Government of the Republic of Kazakhstan dated 09.04.2018 № 179 (shall enter into force upon expiry of ten calendar days after the date of its first official publication); as amended by the resolution of the Government of the Republic of Kazakhstan dated 26.10.2022 No. 849 (shall enter into force upon expiry of ten calendar days after the day of its first official publication).

Дата вступления в силу:  09.08.2016
Дата изменения акта:  10.02.2024
Дата принятия акта:  09.08.2016
Место принятия:  100051000000
Орган, принявший акт:  103000000000
Регион действия:  100000000000
Регистрационный номер акта в Государственном реестре нормативных правовых актов Республики Казахстан:  106133
Регистрационный номер НПА, присвоенный нормотворческим органом:  529
Статус акта:  upd
Сфера правоотношений:  005005000000
Форма акта:  ПОСТ / ПРАВ
Юридическая сила:  1000
Язык акта:  eng