Official Gazette, 79/2007
THE CROATIAN PARLIAMENT
Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby issue the
DECISION
ON PROMULGATING THE INFORMATION SECURITY ACT
I hereby promulgate the Information Security Act, passed by the Croatian Parliament at its
session on 13 July 2007.
Class: 011-01/07-01/98
Reg. No.: 71-05-03/1-07-2
Zagreb, 18 July 2007
The President of the Republic of Croatia
Stjepan Mesić, m.p.
INFORMATION SECURITY ACT
I BASIC PROVISIONS
Article 1
(1) This Act establishes the notion of information security, information security measures and
standards, information security areas and competent authorities for the adoption,
implementation and oversight of information security measures and standards.
(2) This Act applies to state authorities, local and regional self-government bodies and legal
persons with public authority who, within their scope of work, use classified and unclassified
data.
(3) This Act also applies to legal and natural persons who gain access to or handle classified
and unclassified data.
Article 2
Particular notions within the meaning of this Act shall have the following meaning:
- information security is the state of confidentiality, integrity and availability of
information, which is achieved by implementation of stipulated information security
measures and standards and by organisational support for jobs of planning,
implementation, assessment and update of measures and standards.
- information security measures are general rules of data protection which are realized on
the physical, technical and organisational level.
- information security standards are organisational and technical procedures and
solutions intended for systematic and standardized implementation of stipulated
information security measures.
- information security areas represent a division of information security field into five
areas with the goal of systematic and effective realization of adoption, implementation
and oversight of information security measures and standards.
1