Industry

Măsuri minime de securitate conform Deciziei preşedintelui ANCOM nr. 512/2013

Information on the obligations imposed on the providers of public electronic communications networks or of publicly available electronic communications services

The providers of public electronic communications networks or of publicly available electronic communications services have the obligation to take all appropriate security measures to appropriately manage the risks posed to the security of electronic communications networks and services in order to ensure a level of security appropriate to the identified risk and to prevent or minimise the impact of security incidents on users and interconnected networks, considering the newest technologies and, where applicable, have the obligation to collaborate in order to implement these measures.
The providers of public electronic communications networks have the obligation to take all appropriate security measures to appropriately manage the risks posed to the integrity of electronic communications networks and services in order to guarantee the integrity of these networks and to ensure the continuity of the provision of services over these networks and, where applicable, have the obligation to collaborate in order to implement these measures.
The security and integrity of electronic communications networks and services is the ability of an electronic communications network or service to resist to accidental events or malicious actions which can compromise or affect the continuity of the provision of networks and services at a performance level equivalent to that ensured before the occurrence of the event.
The security measures are the means of risk management (of administrative, managerial, technical or legal nature), including policies, actions, plans, equipment, facilities, procedures, techniques etc. meant to remove or reduce the risks posed to the security and integrity of electronic communications networks or services.
The minimum security measures that the providers must establish and implement will cover at least the domains identified in annex no.1 to Decision no.512/2013, available here.
The providers have the obligation to assess and, if necessary, update the security measures whenever required, but at least once every 12 months.
The obligations concerning the minimum security measures, imposed on the providers of public electronic communications networks or of publicly available electronic communications services, come into force on 1 January 2014.