These draft Guidelines are designed to assist Operators of Essential Services (OES) in meeting their network and information system security and incident reporting requirements under Regulations 17 and 18 of S.I. 360 of 2018: European Union (Measures For A High Common Level Of Security Of Network And Information Systems). They represent a sample approach that can be adopted by OES to manage the risks posed to the security of the network and information systems used in their operations, and to minimise the impact of incidents affecting those systems. They are both technology neutral and non-sector specific to allow OES in different sectors adapt these to meet their needs, and to evolve their sector specific response along with technological advances and business requirements.
The draft Guidelines were published for the purposes of further consultation, in accordance with Regulation 25(2), which requires that a draft of the proposed Guidelines be published on the internet to afford persons an opportunity to make written representations in relation to the draft within 30 working days. These representations will be considered before the final version of the Guidelines is published and comes into operation.
The deadline for submissions on these draft Guidelines was 27 February 2019.
Please note, submissions received as part of this consultation will not be published.