Valid
Document from CIS Legislation database © 2003-2025 SojuzPravoInform LLC

RESOLUTION OF THE CABINET OF MINISTERS OF THE KYRGYZ REPUBLIC

of November 4, 2025 No. 716

About approval of the Procedure for carrying out audit of cyber security

According to Item 8 parts of 1 Article 6, article 15 of the Law of the Kyrgyz Republic "About cyber security of the Kyrgyz Republic", articles 13, of the 17th constitutional Law of the Kyrgyz Republic "About the Cabinet of Ministers of the Kyrgyz Republic" the Cabinet of Ministers of the Kyrgyz Republic decides:

1. Approve the Procedure for carrying out audit of cyber security according to appendix.

2. This resolution becomes effective after fifteen days from the date of official publication.

Chairman of the Cabinet of Ministers of the Kyrgyz Republic

A. Kasymaliyev

Appendix

to the Resolution of the Cabinet of Ministers of the Kyrgyz Republic of November 4, 2025 No. 716

Procedure for carrying out audit of cyber security

Chapter 1. General provisions

1. The procedure for carrying out audit of cyber security (further – the Procedure) establishes procedure for carrying out internal, state and independent audits of cyber security of objects of critical information infrastructure (further – KII) and objects of information infrastructure of state bodies, local government bodies, the state companies and organizations, and also economic societies with the state share more than 50 percent which are not belonging to objects of critical information infrastructure, that is objects of the state information infrastructure (further – GII) the Kyrgyz Republic.

The direction of the documents provided by this Procedure is performed in electronic form by means of electronic document management system (and in case of its absence it is performed electronic version of documents, in paper form with appendix), except for reports on results of carrying out internal and independent audits of cyber security, acts of results of the state audit of cyber security and other documents of limited access which go electronic version of documents, exclusively in paper form with appendix, if necessary.

2. Internal audit of cyber security is without fail performed on objects of KII and GII at least once a year by subjects of KII and GII independently according to their organizational and administrative documents on compliance to the legislation and standards in the sphere of ensuring cyber security.

The copy of the report on results of carrying out internal audit of cyber security goes subjects of KII to authorized state body in the sphere of ensuring cyber security, and subjects of GII in authorized state body in the field of digitalization.

3. The state bodies authorized on carrying out the state audit of cyber security (further – authorized state bodies):

- the authorized state body in the sphere of ensuring cyber security performing the state audit of cyber security of objects of KII;

- the authorized state body in the field of digitalization performing the state audit of cyber security of objects of GII.

4. Substantive audit of cyber security of objects of KII and GII is performed on compliance to requirements of the legislation and to standards in the sphere of ensuring cyber security.

The decision on carrying out substantive audit of cyber security of objects of KII and GII is accepted by subjects of KII and GII independently.

Substantive audit of cyber security on objects of KII and GII is carried out by the accredited legal entities performing activities for carrying out substantive audit of cyber security according to technique of carrying out audit of the cyber security approved by the internal act of the legal entity.

In case of decision making by subjects of KII or GII about carrying out substantive audit of cyber security them the notification to the relevant authorized state body with indication of the name of the involved accredited legal entity performing activities for carrying out substantive audit of cyber security goes.

The copy of the report on results of carrying out substantive audit of cyber security of objects of KII and GII goes subjects of KII and GII to the relevant authorized state bodies.

5. The state audit is subdivided into planned state audit of cyber security (further – planned audit) and unplanned state audit of cyber security (further – unplanned audit) which terms of carrying out constitute no more than thirty working days from the date of actual start of carrying out the audit fixed in the act of planned and unplanned audits.

In case of carrying out the state audit concerning several objects of KII belonging to one subject of KII which are located in different administrative and territorial units the term of carrying out it is installed separately on each object of KII.

Reports on results of carrying out internal and independent audits of cyber security, and also acts of results of the state audit of cyber security are documents of limited access and are not subject to public distribution.

Chapter 2. Planned audit

6. The purpose of planned audit is assessment of conformity of subjects of KII and GII to requirements for ensuring cyber security.

Planned audit of objects of KII is performed taking into account their category of the importance appropriated according to the procedure No. 716 established by the resolution of the Cabinet of Ministers of the Kyrgyz Republic "About approval of the Regulations on procedure for categorization of objects of critical information infrastructure of the Kyrgyz Republic and the List of indicators of criteria of the importance of objects of critical information infrastructure of the Kyrgyz Republic" of November 29, 2024. For objects of the first category it is performed at least once in two years, the second category at least once in three years, the third category at least once in four years, with possibility of adjustment of terms depending on priorities and available resources.

Planned audit of objects of GII is performed, depending on their importance, according to the annual plan of carrying out audit of objects of GII.

7. The annual plan of carrying out planned audit affirms heads of authorized state bodies before the expiration of the year preceding year of conducting planned inspection.

8. The annual plan of carrying out planned audit contains the following information:

1) information about subjects and objects of KII and GII;

2) date and period of carrying out the last planned and unplanned audits;

3) results of the last planned and unplanned audits.

9. Subjects of KII and GII are notified by authorized state bodies not later than three working days prior to its carrying out on carrying out planned audit.

Warning!!!

This is not a full text of document! Document shown in Demo mode!

If you have active License, please Login, or get License for Full Access.

With Full access you can get: full text of document, original text of document in Russian, attachments (if exist) and see History and Statistics of your work.

Get License for Full Access Now

Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info

Effectively work with search system

Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system

Get help

If you cannot find the required document, or you do not know where to begin, go to Help section.

In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.

You also may open the section Frequently asked questions. This section provides answers to questions set by users.

Search engine created by SoyuzPravoInform LLC.