An information system is any communication, computer, or other type of electronic system within which information is processed, stored or transmitted in such a way that it is usable and available to authorized users.
Security of information systems is a field of information security within which information security measures and standards are determined for classified and unclassified information that is processed, stored or transmitted within an information system. Security of an information system encompasses protection of the information system’s integrity and availability throughout its planning, design, construction, usage, maintenance and the end of its life cycle.
Security accreditation of an information system is a procedure for ensuring the information system’s compliance with the information security measures and standards regulated by the legal framework of the Republic of Croatia in the field of information security, for the purpose of achieving security goals and the necessary level of protection for the confidentiality, integrity and availability of classified information and of its accompanying services and resources. This procedure determines whether the necessary level of protection has been reached and how it is maintained, as well as the capability of the entity authorized to manage the security of the information systems for which security accreditation is conducted.
Security accreditation of national and international information systems in Croatia is conducted by the Information Systems Security Bureau, in coordination with the Office of the National Security Council.
Information classified as CONFIDENTIAL, SECRET or TOP SECRET is allowed to be processed, stored and transmitted exclusively on information systems for which the Information Systems Security Bureau has conducted security accreditation and issued the Certificate of Security Accreditation for Information System or an Interim Approval to Operate.