According to the PIC Law:
“Critical infrastructure (ie, those that provide essential services) whose operation is essential and do not allow alternative solutions, so its disruption or destruction would have a serious impact on essential services”.
Critical infrastructures are therefore those facilities, networks, services , physical and Information technology equipment whose disruption or destruction can have a serious impact on the health, security or the economic and social welfare of citizens or the effective operation of governments.
The purpose of this standard is, therefore, establishing measures to protect critical infrastructures that provide an adequate basis fr setting an effective coordination of the agencies managers or owners of infrastructures which provide essential services, to achieve a better security for those.
Therefore you must establish an Operator Security Plan (OSP) that will define the general policy of the operator to ensure the complete security of all facilities or systems owned or managed.
The PSO will be the planning instrument o the Protection System of Critical Infrastructure containing:
- General policy framework Operator and government
- List of Essential Services provided by the critical operator.
- Risk analysis methodology ( physical and cyber security threats).
- Application criteria of Comprehensive Security Measures .