ORDER OF THE MINISTER OF INDUSTRY AND CONSTRUCTION OF THE REPUBLIC OF KAZAKHSTAN

of September 16, 2025 No. 370

About approval of Rules for ensuring information security in the sphere of water supply and (or) water disposal

According to subitem 10-43) of article 10-2 of the Law of the Republic of Kazakhstan "About the housing relations" PRIKAZYVAYU:

1. Approve the enclosed Rules for ensuring information security in the sphere of water supply and (or) water disposal.

2. To provide to department of digital transformation of the Industry ministry and construction of the Republic of Kazakhstan in the procedure established by the legislation:

1) state registration of this order in the Ministry of Justice of the Republic of Kazakhstan;

2) placement of this order on Internet resource of the Industry ministry and construction of the Republic of Kazakhstan after its official publication.

3. To impose control of execution of this order on the supervising vice-Minister of Industry and construction of the Republic of Kazakhstan.

4. This order becomes effective after ten calendar days after day of its first official publication.

Approved by the Order of the Minister of Industry and construction of the Republic of Kazakhstan of September 16, 2025 No. 370

Rules for ensuring information security in the sphere of water supply and (or) water disposal

Chapter 1. General provisions

1. These rules for ensuring information security in the sphere of water supply and (or) water disposal (further - Rules) it is developed according to subitem 10-43) of article 10-2 of the Law of the Republic of Kazakhstan "About the housing relations" and establishes requirements to ensuring information security of crucial objects of information communication infrastructure of the sphere of water supply and (or) water disposal.

2. Objects of information security of the industry center in the sphere of water supply and (or) water disposal (further - the Industry center) are industrial management systems which represent basis of engineering procedures of subjects of water supply and (or) water disposal.

3. For the purpose of ensuring information security in the sphere of water supply and (or) water disposal the Industry center performing coordination and methodological management, creation of the single protected information space and increase in resistance of crucial objects to threats of information security functions.

4. The purposes of ensuring information security in the sphere of water supply and (or) water disposal are:

1) ensuring confidentiality, integrity and availability of information processed in information systems including integration locks, applied services, the user interfaces and infrastructure;

2) providing continuity of the main business processes;

3) ensuring single approach to management of information security, including centralized risk management, access, incidents and measures of protection;

4) effective response to modern threats and risks in information security field;

5) risk minimization, arising in case of operation, development, maintenance and integration of information systems regarding transfer and data processing;

6) ensuring fulfillment of requirements of the legislation, regulations and standards in the sphere of informatization.

5. Tasks of ensuring information security in the sphere of water supply and (or) water disposal are:

1) to include Rules of information security at all stages of lifecycle of information systems and its components: designing, development, testing, commissioning, maintenance and conclusion from operation;

2) to differentiate accesses for employees to hardware, program and information resources;

3) to implement procedures of regular identification, the analysis, assessment and risk management of information security, connected with operation and integration of information systems;

4) to perform regular check by carrying out internal audits of information security on observance of requirements of policy and efficiency of the realized information measures of protection;

5) to provide fulfillment of requirements of the legislation, regulations and standards in the sphere of informatization.

6. The industry center when implementing the activities is guided by the Single requirements in the field of information and communication technologies and ensuring information security approved by the order of the Government of the Republic of Kazakhstan of December 20, 2016 No. 832.

Division of information security of the industry center if necessary request information necessary for the analysis and assessment of threats of information security from subjects of water supply and (or) water disposal, develop methodical documents, obligatory for execution, conditions of security of information and communication systems perform, and also create plans of elimination of the revealed violations with indication of terms of their execution.

7. In this Procedure terms and determinations, stipulated by the legislation in the sphere of informatization are used.

Chapter 2. Procedure for ensuring information security in the sphere of water supply and (or) water disposal

8. For ensuring information security the Industry center performs monitoring of threats of information security with use of modern systems, performing data collection from the organizations of water supply and (or) water disposal connected to the Industry center.

9. All arriving data are analyzed using methods of machine training and the behavioural analysis for detection of abnormal activity. Special attention is paid to detection of the target attacks to industrial management systems which can lead to violations of engineering procedures.

10. For rapid response to incidents of information security in the Industry center is effective the three-level classification system of threats from which:

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info