Cyber resilience and continuity policy

RAOS Project Oy’s management recognizes that assuring cyber resilience and process continuity of RAOS Project Oy is the key objective of the information security management system (ISMS) and is necessary for achieving the company’s strategic goals.

RAOS Project Oy’s management undertakes to conform to the information security management, cyber resilience and process continuity requirements set forth in ISO 27001, IAEA Guidelines and Standards, STUK’s YVL Guides, the Finnish and Russian legislation, and the EPC Contract for the Hanhikivi-1 Nuclear Power Plant Project.

RAOS Project Oy’s cyber resilience and process continuity are achieved by:

  1. Defining a strategy, goals and priorities, as well as coordinating the activities aimed at creating and improving the cyber resilience and continuity system. The Information Security Committee carries out such activities.
  2. Creating and updating the register of information assets and identifying confidentiality, integrity and availability-critical assets.
  3. Identifying and managing information security risks associated with the availability of information systems and services.
  4. Applying the useful redundancy and fault tolerance principles in the design of information systems and services.
  5. Early detection of and response to information security incidents affecting the availability of information systems and services.
  6. Implementation and regular testing of information backup and recovery processes.
  7. Development, implementation, and regular testing of recovery plans.
  8. Creating backup communication channels.
  9. Training and raising awareness of employees.
  10. Conducting regular internal and external audits of the information security management system.

RAOS Project Oy’s management demonstrates commitment to the Cyber Security and Continuity Policy by adopting necessary requirements, procedures and plans, assigning specific roles and responsibilities, and allocating appropriate resources in order to implement and continually improve the information and information security management systems.

The Cyber Resilience and Continuity Policy is subject to periodic assessment, revision and updating every two years or, if necessary, at shorter time intervals to reflect changing conditions.


Managing Director
Grygorii Gromov