Back Custom print Link Text Only Rich Text Print

  • Cyber Security Strategy

    • CRA-5.8.4C

      An organisation-wide cyber security strategy must be defined and documented to include:

      (a) The position and importance of cyber security at the licensee;
      (b) The primary cyber security threats and challenges facing the licensee;
      (c) The licensee’s approach to cyber security risk management;
      (d) The key elements of the cyber security strategy including objectives, principles of operation and implementation approach;
      (e) Scope of risk identification and assessment, which must include the dependencies on third party service providers;
      (f) Approach to planning response and recovery activities; and
      (g) Approach to communication with internal and external stakeholders, including sharing of information on identified threats and other intelligence among industry participants.
      Added: April 2023

    • CRA-5.8.4D

      The cyber security strategy should be communicated to the relevant stakeholders and it should be revised as necessary and, at least, once every three years. Appendix A provides cyber security control guidelines that can be used as a reference to support the licensee’s cyber security strategy and cyber security policy.

      Added: April 2023