Approval of the "Regulation on the Coordination Commission for Information Security".
DECREE OF THE PRESIDENT OF THE REPUBLIC OF AZERBAIJAN
Guided by paragraph 32 of Article 109 of the Constitution of the Republic of Azerbaijan, I make a decision regarding the implementation of Decree No. 3851 of the President of the Republic of Azerbaijan dated March 29, 2018 "On the establishment of the Coordination Commission for Information Security":
1. "Regulation on the Information Security Coordination Commission" should be approved (attached).
2. The Cabinet of Ministers of the Republic of Azerbaijan:
2.1. To prepare and submit to the President of the Republic of Azerbaijan within three months the proposals regarding the adaptation of the acts of the President of the Republic of Azerbaijan to this Decree;
2.2. Ensure that the normative legal acts of the Cabinet of Ministers of the Republic of Azerbaijan are adapted to this Decree within three months and inform the President of the Republic of Azerbaijan;
2.3. monitor the adaptation of normative legal acts of central executive authorities to this Decree and inform the President of the Republic of Azerbaijan about its implementation within five months;
2.4. resolve other issues arising from this Decree.
3. The Ministry of Justice of the Republic of Azerbaijan should ensure that the normative legal acts of the central executive authorities and acts of a normative nature are adapted to this Decree and inform the Cabinet of Ministers of the Republic of Azerbaijan.
President of the Republic of Azerbaijan
Baku, February 21, 2019
Approved by Decree No. 535 of the
President of the Republic of Azerbaijan
dated February 21, 2019
Coordination Commission for Information Security
1. General Provisions
1.1. The Coordination Commission for Information Security established in accordance with the Order of the President of the Republic of Azerbaijan No. 3851 dated March 29, 2018 (hereinafter - the Commission) ensures the security of the information space in the Republic of Azerbaijan and protects the information systems and resources of infrastructure objects of special importance for the state and society from cyber attacks organizes the coordination of the work of state institutions operating in the field of protection, prevention and investigation of such threats (hereinafter - in the relevant field).
1.2. The Commission is guided in its activities by the Constitution of the Republic of Azerbaijan, laws, decrees and orders of the President of the Republic of Azerbaijan, decisions and orders of the Cabinet of Ministers of the Republic of Azerbaijan, normative legal acts, international agreements to which the Republic of Azerbaijan is a party also by this Regulation
1.3. The commission has a service letterhead with the image of the State Emblem of the Republic of Azerbaijan.
2. Directions of action
2.0. The commission operates in the following areas:
2.0.1. assesses threats to the information security of the Republic of Azerbaijan;
2.0.2. conducts regular analyzes of the main sources, directions, forms, effects and damage of threats to the information security of the Republic of Azerbaijan;
2.0.3. prepares proposals in the relevant field;
2.0.4. coordinates the activities of relevant state institutions in the field of prevention of possible threats to the information security of the Republic of Azerbaijan, plans joint measures and ensures their implementation;
2.0.5. organizes coordination work in the field of improvement and application of the normative legal framework in the relevant field;
2.0.6. provides coordination of national capacity building work.
3.0. According to the directions of activity, the main tasks of the Commission are the following:
3.0.1. to carry out regular analyses, prepare proposals and ensure the coordination of work in the field of information security, as well as identification, evaluation and prediction of future threats and the main threats and risks related to cybercrime in the country;
3.0.2. coordinate the activities of relevant state institutions, plan and implement joint measures in order to prevent possible threats in the field of information security, including cyber security;
3.0.3. to organize prompt and efficient information exchange between the institutions operating in the field of ensuring information security and combating cybercrime in the country, expanding mutual cooperation;
3.0.4. organize coordinated work in cases of cyber-attacks and emergency cyber-threats on information systems and resources of publicly important infrastructure objects;
3.0.5. to identify without delay the source of false information that is purposefully spread against the national interests of the Republic of Azerbaijan in the Internet information resources and immediately inform the relevant institutions about it;
3.0.6. to coordinate the development and implementation of state standards, technical conditions, norms and other technical normative legal acts for information protection means and systems;
3.0.7. to provide opinions on the applications, technical conditions, and proposals received regarding the issues of ensuring information security in the country and the application of relevant technologies in this field;
3.0.8. to coordinate the development projects of software and antivirus programs used in the operation of state institutions, as well as publicly important infrastructure objects, to analyze their compliance with security requirements, as well as to consider the possibilities of using open source software;
3.0.9. to organize the involvement of private sector and civil society organizations in wider cooperation in the field of fighting cybercrime in the country;
3.0.10. to make proposals regarding the improvement of the normative legal framework and legislation in the field of information security and combating cybercrime;
3.0.11. studying the state of application of the requirements of the legislation in the field of ensuring information security and combating cybercrime, as well as relevant international standards in state institutions, as well as in public infrastructures, based on inquiries, and making suggestions for eliminating existing inconsistencies;
3.0.12. to investigate the needs of specialist resources in the country in the field of information security and combating cybercrime and to assess the organizational potential in this field, to prepare proposals for the expansion of scientific, technical and personnel potential and to coordinate relevant work;
3.0.13. review and comment on proposals, appeals on topics dedicated to scientific and technical work, efficiency, inventiveness and project-constructor work in the field of cyber security and cryptology, as well as collecting and analyzing additional proposals and initiatives for strengthening national potential;
3.0.14. to prepare proposals for the expansion of international and regional cooperation in order to ensure and strengthen information security and the fight against cybercrime, to establish scientific and technical relations with foreign countries, to prepare proposals for the development of these relations, to coordinate the study of international experience and the implementation of experience exchange;
3.0.15. to coordinate the work related to taking appropriate countermeasures against the dissemination of propaganda and disinformation against the national interests of the Republic of Azerbaijan in the Internet information space;
3.0.16. to organize activities related to mass media in order to protect the information security of the state.
4.0. In order to perform its duties, the Commission has the following rights:
4.0.1. send requests to state and local self-government bodies, as well as individuals and legal entities, to receive relevant information, materials and documents for the performance of the duties assigned by this Regulation, as well as for the comprehensive and objective investigation of received applications, and receive certificates and reports on the work done;4.0.2. təhlil və tədqiqat materialları əsasında müvafiq sahələr üzrə təkmilləşdirmə işləri aparmaq üçün təkliflər hazırlamaq;
4.0.3. to study public opinion on the fight against cybercrime;
4.0.4. to request the elimination of discovered defects and deficiencies, to prepare relevant proposals and appeals in this direction;
4.0.5. to make proposals on the drafts of normative legal acts, strategies, concepts and programs on the directions of activity;
4.0.6. participate in the development of the country's cyber security strategy;
4.0.7. legal entities specialized in the relevant fields related to scientific research, experimental-engineering, technical expertise, consulting services and propaganda work, including scientific research and educational institutions, non-governmental organizations, mass media, as well as to involve independent experts and specialists in these works;
4.0.8. conducting trainings, seminars, scientific-practical conferences and symposia, as well as issuing special bulletins and other publications.
5. Organization of the Commission's activity
5.1. The President of the Republic of Azerbaijan determines the composition of the Commission and appoints the Chairman of the Commission.
5.2. The work of the commission is led by the chairman.
5.3. Chairman of the Commission:
5.3.1. organizes the activity of the Commission and directs it;
5.3.2. divides work between members of the commission and working groups, coordinates their activities;
5.3.3. Determines the issues to be discussed together with the members of the Commission, leads the meetings of the Commission;
5.3.4. organizes the review of applications received by the commission;
5.3.5. Supervises office duties in the commission.
5.4. The Chairman of the Commission is personally responsible for the fulfillment of the duties and rights assigned to the Commission by this Regulation.
5.5. In the absence of the chairman of the commission, his powers are exercised by one of the members of the commission based on the decision of the commission.
5.6. The members of the commission and the persons included in the working group are personally responsible for the timely performance of the tasks assigned to them by this Regulation, as well as for the documents prepared, examined and signed.
5.7. Issues related to the powers of the commission are discussed at its meetings.
5.8. The meetings of the commission are held regularly, but not less than once in 3 (three) months. Meetings can be called at the initiative of the chairman of the Commission or a third of the members of the Commission.
5.9. Meetings of the commission are authorized when two thirds of its members are present.
5.10. When necessary, relevant state institutions, representatives of private companies, experts and specialists can be invited to the meetings of the Commission.
5.11. Decisions of the Commission are adopted by a simple majority of the members of the Commission present at the meeting. When the votes are equal Commission Chairman is decisive. A member of the Commission who has a special opinion during the voting can add his opinion to the adopted decision.
5.12. If the opinion of the members of the Commission is unanimous on the issue assigned to the powers of the Commission, the Chairman of the Commission can make a relevant decision without calling a meeting.
5.13. Members of the commission are independent in their activities.
5.14. The commission approves its regulations.
5.15. A Permanent Secretariat is established under the commission. The functions of the secretariat are carried out by the State Service for Special Communication and Information Security of the Republic of Azerbaijan. The Secretariat solves organizational issues related to the holding of the Commission's meetings, prepares documents related to the issues to be discussed, performs clerical work and other work.
5.16. The powers of the Secretariat are determined by the Commission.
5.17. The Commission is responsible for ensuring the security of the information space in the Republic of Azerbaijan, organizing coordinated work and implementing joint countermeasures in the event of cyber-attacks on the information systems and resources of publicly important infrastructure objects and emergency cyber-threats, and identifying without delay the source of false information spread purposefully against the national interests of the Republic of Azerbaijan in Internet information resources making and immediately informing relevant institutions about it, coordinating the work of state institutions operating in the field of prevention and investigation of threats, as well as researching technical and organizational possibilities for information security, organizing work on strengthening the theoretical legal base, preparing research and analysis materials in the field, this whether the member institutions included in the Commission for doing other works in the field in an operative and connected manner creates working groups consisting of representatives in the relevant field.
5.18. Working group members should be authorized to work with classified documents with different seals, depending on the importance of the issues under consideration. Independent experts in relevant fields may be included in the working group.
5.19. The documents prepared by the working group are discussed at the meetings of the Commission and relevant decisions are taken.