In a move designed to strengthen protection for Bahrain’s critical telecommunications infrastructure, the Telecommunications Regulatory Authority (TRA) released Resolution 5 of 2017, 1918regulating risk management for critical telecommunications infrastructure, in May 2017. The resolution establishes a risk management process that is closely aligned with ISO 27001:2013, sets out expectations for business continuity (ISO 22301:2012), standardises licensees’ approach to assessing and protecting the security and availability of critical telecoms infrastructure and defines licensees’ responsibilities. Licensees which install, operate or manage critical telecoms infrastructure, as well as holders of particular licences, should expect to receive, if they haven’t already, a risk management determination (RMD). Based on the RMDs, licensees are expected to adhere to two specific timelines – a three-month deadline requiring an asset inventory and an 18-month deadline requiring licensees to develop, implement and maintain a business continuity plan; ISO27001 certification; a certification audit report; and a risk assessment.
The TRA also expects business to recertify every three years and reserves the right to ask for additional risk assessments, including penetration testing. Licensees that are found to be non-compliant will be deemed to be in material breach of the telecommunications law and could face penalties and sanctions.
Keypoint is working with a number of telcos on a range of ISO certification engagements and has a skilled, seasoned team with the required credentials. More details on resolution 5 can be found in our recently released flyer . Alternatively, please contact Srikant Ranganathan at firstname.lastname@example.org or Darrshan Manukulasooriya at email@example.com.