Skip to content
  • Español
Menu
  • Español
  • Services
  • Knowledge
  • People
    • Partners
    • Directors
    • Associates
    • Chemists and Chemical Engineers
    • Our lawyers
  • The firm
    • The Firm
    • Recognitions
    • Alliances and Memberships
    • Pro Bono
    • Work with us
  • Contact Us
Menu
  • Services
  • Knowledge
  • People
    • Partners
    • Directors
    • Associates
    • Chemists and Chemical Engineers
    • Our lawyers
  • The firm
    • The Firm
    • Recognitions
    • Alliances and Memberships
    • Pro Bono
    • Work with us
  • Contact Us
Menu
  • Services
  • Knowledge
  • People
    • Partners
    • Directors
    • Associates
    • Chemists and Chemical Engineers
    • Our lawyers
  • The firm
    • The Firm
    • Recognitions
    • Alliances and Memberships
    • Pro Bono
    • Work with us
  • Contact Us
×
  • Legal Update, Telecomunications

General guidelines to strengthen the governance of digital security

  • March 24,2022
Share

General guidelines to strengthen the governance of digital security, the
identification of critical cybernetic infrastructures and essential services, risk
management, and response to digital security incidents

The National Government issued Decree 338 of March 8, 2022, which added a new title to Decree 1078 of 2015, Decree of the ICT sector, to strengthen digital governance, the identification of critical cyber infrastructures and essential services, risk management, and response to digital security incidents.

Decree 338 of 2022 partially regulates articles 64 of Law 1437 of 2011, referring to standards and protocols that public entities must comply with the application of electronic media in administrative procedures, and articles 147 and 148 of Law 1955 of 2019 about digital transformation and digital government policy regarding cybersecurity.

For whom does Decree 338 of 2022 apply?

  • Entities of the Public Administration under the terms of article 39 of Law 489 of 1998 and individuals that perform public or administrative functions.
  • Entities of the legislative and judicial branches, control, and independent entities, recognizing their autonomy from the administration.

Private legal entities that provide services for managing critical cybernetic infrastructures or providing essential services may apply the provisions in this decree if they are not contrary to their nature or to the requirements that regulate their activity or service.

What is the scope of Decree 338 of 2022?

This regulation establishes that the governance of digital security will be based on the general principles of the administrative function, ICT, the administrative procedure, the processing of personal data, and the Digital Government policy. Likewise, it introduces the following as particular principles:

  • Trust
  • Coordination
  • Multi-stakeholder collaboration
  • Cooperation
  • Approach based on risk management
  • Free-of-charge
  • Inclusion
  • Proportionality
  • Safeguarding the human rights and fundamental values of citizens
  • Efficient use of infrastructure and resources to protect critical cyber infrastructure and essential services

The norm establishes a digital security governance model, whose guidelines and standards will be defined by the ICT Ministry to strengthen digital security, the protection of networks, critical infrastructures, essential services, and information systems in Cyberspace. The National Digital Security Coordination, the National Digital Security Committee, the Digital Security Working Groups, the Digital Security Worktables, and the Unified Digital Security Command Posts will implement the model according to the functions established in the decree.

In terms of critical cybernetic infrastructures and essential services, the ICT Ministry will formulate the inventory of critical public cybernetic infrastructures and essential services in cyberspace, which will be updated every two years. The methodology will be defined within 12 months to establish which infrastructures are critical cybernetic and essential services. In addition, the authorities that own essential critical infrastructure will have a series of obligations according to the regulation.

Finally, the regulation indicates that the ICT Ministry will establish the variables to define a significant impact on critical infrastructure. A national model for incident care and management is arranged and will be executed by the Cybernetic Emergency Response Team of Colombia (COLCERT), the Digital Security Incident Response Team for government sector entities (GOVERNMENT CSIRT), and the Cyber Security Incident Response Team for sectors defined as critical or essential service providers – (CSIRT – SECTORIAL) under the terms of the decree.

Author: Camilo Millán I [email protected] I TMT

Featured lawyers in
this solution

Featured lawyers
in this solution

Loading...
Gustavo Tamayo
  • [email protected]

Practice areas

Loading...
Technology, Media & Telecommunications (TMT)

Contact US

Learn more about this ​​practice area, leave us your details to get in touch.
Follow Us:
Twitter
Links
  • Services
  • Knowledge
  • People
  • The firm
  • Contact Us
Menu
  • Services
  • Knowledge
  • People
  • The firm
  • Contact Us
Contact information Bogotá


Address: Calle 72 No 5-83 Piso 5
PBX: (+57 601) 326 42 70 
Fax: (+57 601) 606 97 00
Email: [email protected]

Link

  • Services
  • Knowledge
  • People
    • Partners
    • Directors
    • Associates
    • Chemists and Chemical Engineers
    • Our lawyers
  • The firm
    • The Firm
    • Recognitions
    • Alliances and Memberships
    • Pro Bono
    • Work with us
  • Contact Us
Menu
  • Services
  • Knowledge
  • People
    • Partners
    • Directors
    • Associates
    • Chemists and Chemical Engineers
    • Our lawyers
  • The firm
    • The Firm
    • Recognitions
    • Alliances and Memberships
    • Pro Bono
    • Work with us
  • Contact Us

Contact information Bogotá


Address: Calle 72 No 5-83 Piso 5
PBX: (+57 1) 326 42 70 – (+57 1) 606 97 00
Fax: (+57 1) 606 97 00
Email: [email protected]

All rights reserved LLOREDA CAMACHO & CO 2023

Privacy policy

SAGRILAFT