Post Accreditation Activities

Post accreditation activities are implemented within the information system that has Certificate of Security Accreditation of Information System or Interim Approval to Operate, as follows:

• audit of implemented measures and standards of information security within the information system
• security reaccreditation of information system.

audit of implemented measures and standards of information security

Audit of implemented measures and standards of information security within the information system that has Certificate of Security Accreditation of Information System or Interim Approval to Operate is performed:

• after the deadline for removal of all flows on information system has expired in accordance with corrective measures and recommendations given, or
• after any event or changes of information system that require supplementation to the security risk assessment, but do not require security reaccreditation of the information system.

security reaccreditation of information system

Request for security reaccreditation of information system that has Certificate of Security Accreditation of Information System or Interim Approval to Operate is delivered to the Information Systems Security Bureau, based upon the following:

• Certificate of Security Accreditation of Information System or Interim Approval to Operate has expired, or
• significante changes on information system that has Certificate of Security Accreditation of Information System or Interim Approval to Operate have occurred.

Security reaccreditation is conducted after the request for reaccreditation of information system is submitted, in accordance with the procedure of security accreditation of information system.