{"id":12691,"date":"2026-06-16T08:03:12","date_gmt":"2026-06-16T06:03:12","guid":{"rendered":"https:\/\/cybrela.com\/?p=12691"},"modified":"2026-06-16T08:03:16","modified_gmt":"2026-06-16T06:03:16","slug":"responsibilities-management-cyber-security-act","status":"publish","type":"post","link":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/povinnosti-vedeni-podle-kyberzakona\/","title":{"rendered":"Management responsibilities according to the Czech Cybersecurity Act"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"12691\" class=\"elementor elementor-12691\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7d302fe0 e-con-full e-flex e-con e-parent\" data-id=\"7d302fe0\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b94fd10 elementor-widget elementor-widget-post-info\" data-id=\"b94fd10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-898dc3a elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-user\"><\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-custom\">\n\t\t\t\t\t\t\t\t\t\tBarbora Arnold\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-5622694 elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-calendar-alt\"><\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\t<time>16. June 2026<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-c750f0b elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-clock\"><\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-custom\">\n\t\t\t\t\t\t\t\t\t\t13 min \u010dten\u00ed\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d5420dd e-con-full e-flex e-con e-child\" data-id=\"d5420dd\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-13c2ca40 elementor-widget elementor-widget-text-editor\" data-id=\"13c2ca40\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>With the new Cybersecurity Act, responsibility for cybersecurity has gradually shifted to where the EU's NIS2 Directive says it belongs \u2013 to the level of an organization's leadership. For statutory bodies, managing directors, and top management, this means one essential thing. The performance of certain activities can be delegated to the IT department or to suppliers, but responsibility for cybersecurity remains with management. What requirements does the Cybersecurity Act place on management, and how do they differ depending on the regime of obligations?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e7d687d elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"e7d687d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-780fa6d elementor-widget elementor-widget-heading\" data-id=\"780fa6d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Why is cybersecurity addressed at the management level<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-81daa5b elementor-widget elementor-widget-text-editor\" data-id=\"81daa5b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\tThe principle of the new act is fairly simple. <strong>Senior management bears responsibility for how the organization functions from a security perspective<\/strong>. This means it is management that is responsible for ensuring the organization knows its key services and processes, understands the <a href=\"https:\/\/cybrela.com\/slovnik\/riziko\/\" target=\"_blank\" rel=\"noopener\">risks<\/a>that may threaten it, and is prepared both to handle operational disruptions and to continue operating after an incident. At the same time, cybersecurity <strong>does not stand apart<\/strong> as an isolated technical issue. It is part of the organization's overall risk management, much like financial, operational, or legal risks. A cyber incident can cause<strong> service outages, financial loss, and reputational damage<\/strong>. Management must therefore treat it as a routine part of strategic decision-making.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-55ded10 elementor-alert-warning elementor-widget elementor-widget-alert\" data-id=\"55ded10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"alert.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-alert\" role=\"alert\">\n\n\t\t\t\n\t\t\t\t\t\t<span class=\"elementor-alert-description\">Management's role is, of course, not to configure systems. Its role lies in deciding which risks to reduce, which to accept, and what resources to commit to managing them.<\/span>\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-709d465 elementor-widget elementor-widget-text-editor\" data-id=\"709d465\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The term \"senior management\" itself is also important. The implementing decrees of the Cybersecurity Act interpret it more broadly than just the statutory body. It includes the statutory body, but also any other person or group of persons in a comparable managerial position. The obligations therefore do not target only the managing director listed in the register, but <strong>everyone who actually runs the organization<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a0f07cc elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"a0f07cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a34c92b elementor-widget elementor-widget-heading\" data-id=\"a34c92b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">A shared foundation: management obligations for both the lower and higher regimes<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9b1f65a elementor-widget elementor-widget-text-editor\" data-id=\"9b1f65a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Under the lower-obligation regime, the requirements for senior management are set out in <a href=\"https:\/\/e-sbirka.gov.cz\/sb\/2025\/410#par_4\" target=\"_blank\" rel=\"noopener\"><strong>Section 4 of Decree No. 410\/2025 Coll.<\/strong><\/a> This is a complete foundation that is the same for the higher regime as well; the higher regime merely adds further obligations to it. The lower-regime obligations that the higher regime then elaborates on include:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9a438a7 elementor-widget elementor-widget-n-accordion\" data-id=\"9a438a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;default_state&quot;:&quot;all_collapsed&quot;,&quot;max_items_expended&quot;:&quot;multiple&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1610\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1610\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Completing security training <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1610\" class=\"elementor-element elementor-element-11bc27f e-con-full e-flex e-con e-child\" data-id=\"11bc27f\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-bb5d634 elementor-widget elementor-widget-text-editor\" data-id=\"bb5d634\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Management must demonstrably <strong>undergo training<\/strong> focused on its obligations under the act and on the organization's security policies. It should understand how risks, measures, and their impacts on the organization's operations relate to one another. The goal is not to turn management into technicians. The goal is to enable it to <strong>make informed decisions<\/strong>. Training should not be a one-off \u2013 ideally it is repeated at least once a year.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1611\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1611\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Designating a person responsible for cybersecurity <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1611\" class=\"elementor-element elementor-element-2756706 e-con-full e-flex e-con e-child\" data-id=\"2756706\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-794ff3b elementor-widget elementor-widget-text-editor\" data-id=\"794ff3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Management must <strong>designate a person responsible for cybersecurity<\/strong>. This person serves as management's main support for the entire agenda. They handle the management and development of cybersecurity, oversee its status, and communicate with senior management. This may be an employee of the organization, a trained colleague, or a supplier.<\/p><p class=\"translation-block\">What matters is that they have the necessary <strong>expertise as well as the authority<\/strong> without which they cannot fulfil this role. In practice, this also means having a process in place for regular communication with management. It is through this person that information about threats, risks, the status of measures, and changes that may affect security reaches management.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1612\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1612\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Ensure availability of resources <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1612\" class=\"elementor-element elementor-element-2c7c16f e-con-full e-flex e-con e-child\" data-id=\"2c7c16f\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-9b8b282 elementor-widget elementor-widget-text-editor\" data-id=\"9b8b282\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Management is to ensure the resources needed for cybersecurity. This is not only about money; it also includes people, tools, technologies, and time. <strong>The scope of resources should correspond to the services the organization provides<\/strong>, how important they are to it, and what impact their outage would have. The minimum will look one way for a smaller support service and quite another for a service on which the entire organization's operations depend.<\/p><p>In practice, this means a budget for adequate measures, the capacity of people who actually handle the agenda, the tools needed to manage security, and also time for training employees, regular evaluation, and decision-making.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1613\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1613\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Demonstrably staying informed of the status of measures being implemented <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1613\" class=\"elementor-element elementor-element-2ba8466 e-con-full e-flex e-con e-child\" data-id=\"2ba8466\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-47c7a78 elementor-widget elementor-widget-text-editor\" data-id=\"47c7a78\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">The decree does not require management to design or implement individual <strong>security measures<\/strong> itself. It requires management to know their status and be able to make decisions about them. This includes measures that have been implemented, those that are planned, and those the organization has not yet implemented, including the reason why. The supporting materials are usually prepared by the <strong>person responsible for cybersecurity<\/strong>. It is up to management to evaluate them, decide on priorities, and demonstrably stay informed of them.<\/p><p class=\"translation-block\">Demonstrability can take the form of <strong>meeting minutes<\/strong>, an approved overview of measures, or another list that makes clear that management genuinely addressed the state of security. This is precisely one of the main ways an organization demonstrates that management is not just a formality in the whole agenda.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1614\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"5\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1614\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Supporting continuous improvement of cybersecurity <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1614\" class=\"elementor-element elementor-element-7f78c87 e-con-full e-flex e-con e-child\" data-id=\"7f78c87\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c6a53c2 elementor-widget elementor-widget-text-editor\" data-id=\"c6a53c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Cybersecurity cannot be set up once and then set aside. Organizations change; new systems, suppliers, services, and risks emerge. <strong>Management's task is therefore to support continuous improvement<\/strong>. In practice, this means removing obstacles that prevent the implementation of needed measures, approving priorities and deadlines, and responding to changes that may affect security. Typically, this would include acquisitions, mergers, the introduction of new technology, a change of a major supplier, or changes in the organization's leadership.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-1615\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"6\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-1615\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Setting recovery priorities for key assets <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-1615\" class=\"elementor-element elementor-element-0fb12c6 e-con-full e-flex e-con e-child\" data-id=\"0fb12c6\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-d9a6aad elementor-widget elementor-widget-text-editor\" data-id=\"d9a6aad\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Management is to set recovery priorities for <a href=\"https:\/\/cybrela.com\/slovnik\/aktivum\/\" target=\"_self\">primary assets<\/a>. In practical terms, this is a decision about what must be <strong>restored first<\/strong> after an incident or outage, <strong>because the provision of the regulated service depends on it<\/strong>. These decisions are not made in a vacuum. Management should make them together with people who understand operations, technologies, contractual obligations, and the impacts on the customers or users of the service.<\/p><p class=\"translation-block\">The result should be a clear answer to the questions: <strong>which services and processes are most important to the organization<\/strong>, how long an outage it can afford, and how much data loss would already mean a problem for operations, finances, or contractual obligations. These obligations are logically interconnected. They begin with management knowing what the organization rests on and who is to manage security.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c0bf7b elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"0c0bf7b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5d37552 elementor-widget elementor-widget-jet-table\" data-id=\"5d37552\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"jet-table.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-jet-table jet-elements\">\n\t\t<div class=\"jet-table-wrapper jet-table-responsive-mobile\">\n\t\t\t<table class=\"jet-table jet-table--fa5-compat\">\n\t\t\t\t<thead class=\"jet-table__head\"><tr class=\"jet-table__head-row\"><th class=\"jet-table__cell elementor-repeater-item-8d1549c jet-table__head-cell\" scope=\"col\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><\/div><\/div><\/th><th class=\"jet-table__cell elementor-repeater-item-7df95a9 jet-table__head-cell\" scope=\"col\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Lower regime<\/div><\/div><\/div><\/th><th class=\"jet-table__cell elementor-repeater-item-3fcdc35 jet-table__head-cell\" scope=\"col\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Higher regime<\/div><\/div><\/div><\/th><\/tr><\/thead>\n\t\t\t\t\t\t\t\t<tbody class=\"jet-table__body\"><tr class=\"jet-table__body-row elementor-repeater-item-0d45275\"><th class=\"jet-table__cell elementor-repeater-item-26fb80b jet-table__head-cell\" scope=\"row\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Management framework<\/div><\/div><\/div><\/th><td class=\"jet-table__cell elementor-repeater-item-eb19942 jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Ensuring minimum cybersecurity<\/div><\/div><\/div><\/td><td class=\"jet-table__cell elementor-repeater-item-5b0acec jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Information security management system (ISMS) integrated into processes<\/div><\/div><\/div><\/td><\/tr><tr class=\"jet-table__body-row elementor-repeater-item-71c592a\"><th class=\"jet-table__cell elementor-repeater-item-77e4795 jet-table__head-cell\" scope=\"row\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Governing body<\/div><\/div><\/div><\/th><td class=\"jet-table__cell elementor-repeater-item-88f3a4f jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Person responsible for cybersecurity<\/div><\/div><\/div><\/td><td class=\"jet-table__cell elementor-repeater-item-831e191 jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Cybersecurity management committee and cybersecurity manager<\/div><\/div><\/div><\/td><\/tr><tr class=\"jet-table__body-row elementor-repeater-item-72de463\"><th class=\"jet-table__cell elementor-repeater-item-89cdea8 jet-table__head-cell\" scope=\"row\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Security roles<\/div><\/div><\/div><\/th><td class=\"jet-table__cell elementor-repeater-item-76a150d jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Not addressed separately<\/div><\/div><\/div><\/td><td class=\"jet-table__cell elementor-repeater-item-952f38b jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Defining roles and ensuring they can be covered by representatives<\/div><\/div><\/div><\/td><\/tr><tr class=\"jet-table__body-row elementor-repeater-item-3e25e73\"><th class=\"jet-table__cell elementor-repeater-item-3b8a373 jet-table__head-cell\" scope=\"row\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Management oversight<\/div><\/div><\/div><\/th><td class=\"jet-table__cell elementor-repeater-item-dab80a8 jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Staying informed of the status of security measures<\/div><\/div><\/div><\/td><td class=\"jet-table__cell elementor-repeater-item-233d565 jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Plus audits, risk assessments, and impact analyses<\/div><\/div><\/div><\/td><\/tr><tr class=\"jet-table__body-row elementor-repeater-item-0eeb6d7\"><th class=\"jet-table__cell elementor-repeater-item-60e7df8 jet-table__head-cell\" scope=\"row\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Continuity<\/div><\/div><\/div><\/th><td class=\"jet-table__cell elementor-repeater-item-c04066f jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Recovery priorities for primary assets<\/div><\/div><\/div><\/td><td class=\"jet-table__cell elementor-repeater-item-d08a386 jet-table__body-cell\"><div class=\"jet-table__cell-inner\"><div class=\"jet-table__cell-content\"><div class=\"jet-table__cell-text\">Testing of continuity and recovery plans<\/div><\/div><\/div><\/td><\/tr><\/tbody>\n\t\t\t<\/table>\n\t\t<\/div>\n\n\t\t<\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c300e75 elementor-widget elementor-widget-text-editor\" data-id=\"c300e75\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Lower vs. higher regime \u2013 how they differ. The higher regime builds on the same foundation; it simply formalizes it more, develops it further, and adds requirements for management, oversight, and continuity.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e54c5d elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"8e54c5d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8cafd10 elementor-widget elementor-widget-heading\" data-id=\"8cafd10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Management obligations under the higher regime<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e1b4d09 elementor-widget elementor-widget-text-editor\" data-id=\"e1b4d09\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The higher-obligation regime applies to organizations of the greatest social and economic significance. Here the requirements for management are governed by<a href=\"https:\/\/e-sbirka.gov.cz\/sb\/2025\/409#par_4\" target=\"_blank\" rel=\"noopener\"><strong> Section 4 of Decree No. 409\/2025 Coll.<\/strong><\/a> They are more detailed than in the lower regime: they break the same basic areas down into more sub-points and add further obligations on top. Which obligations are additional under the higher regime?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4e29b2a elementor-widget elementor-widget-n-accordion\" data-id=\"4e29b2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;default_state&quot;:&quot;all_collapsed&quot;,&quot;max_items_expended&quot;:&quot;multiple&quot;,&quot;n_accordion_animation_duration&quot;:{&quot;unit&quot;:&quot;ms&quot;,&quot;size&quot;:400,&quot;sizes&quot;:[]}}\" data-widget_type=\"nested-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"e-n-accordion\" aria-label=\"Accordion. Open links with Enter or Space, close with Escape, and navigate with Arrow Keys\">\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-8190\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"1\" tabindex=\"0\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-8190\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> An information security management system (ISMS) as a framework <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-8190\" class=\"elementor-element elementor-element-4906be0 e-con-full e-flex e-con e-child\" data-id=\"4906be0\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8002290 elementor-widget elementor-widget-text-editor\" data-id=\"8002290\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Whereas the lower regime speaks of ensuring minimum cybersecurity, the higher regime is built on a <strong>formal information security management system<\/strong>. Management ensures that the security policy and objectives of this system are defined, that they align with the organization's strategic direction, and that the entire ISMS is integrated into routine processes.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-8191\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"2\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-8191\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> A cybersecurity management committee <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-8191\" class=\"elementor-element elementor-element-3642a60 e-con-full e-flex e-con e-child\" data-id=\"3642a60\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ab5dfe0 elementor-widget elementor-widget-text-editor\" data-id=\"ab5dfe0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">This is one of the most visible differences. Management must establish a cybersecurity management committee and appoint its members. The committee must include at least <strong>one member of management, or a person appointed by management, along with the cybersecurity manager<\/strong>. The committee meets at least once a year, records are kept of its meetings, and its members must have appropriate authority and professional competence.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-8192\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"3\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-8192\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Security roles and the ability to cover them with representatives <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-8192\" class=\"elementor-element elementor-element-854f7da e-con-full e-flex e-con e-child\" data-id=\"854f7da\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e6a3870 elementor-widget elementor-widget-text-editor\" data-id=\"e6a3870\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The higher regime envisages defined security roles. Management sets the rules for designating administrators and persons in security roles, provides them with the necessary authority and resources \u2013 including a budget \u2013 and ensures they can be covered by representatives. This also includes the obligation to ensure the confidentiality of relevant persons, typically administrators, persons in security roles, and suppliers.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-8193\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"4\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-8193\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Broader management oversight of the state of security <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-8193\" class=\"elementor-element elementor-element-a60a2d7 e-con-full e-flex e-con e-child\" data-id=\"a60a2d7\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c972505 elementor-widget elementor-widget-text-editor\" data-id=\"c972505\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">In the lower regime, management demonstrably <strong>stays informed of the status of measures being implemented<\/strong>. In the higher regime, the list is more specific. It includes the report on the review of the information security management system, the risk assessment report, the risk treatment plan, the results of the impact analysis, and the results of audits and inspections. Management also participates directly in preparing the impact analysis. In practice, this means that management should not receive only general information along the lines of \"we're handling security.\" It needs materials from which it can see where the main risks lie, what the organization plans to do, what it has already done, and where an open problem remains.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t\t<details id=\"e-n-accordion-item-8194\" class=\"e-n-accordion-item\" >\n\t\t\t\t<summary class=\"e-n-accordion-item-title\" data-accordion-index=\"5\" tabindex=\"-1\" aria-expanded=\"false\" aria-controls=\"e-n-accordion-item-8194\" >\n\t\t\t\t\t<span class='e-n-accordion-item-title-header'><div class=\"e-n-accordion-item-title-text\"> Testing of continuity and recovery plans <\/div><\/span>\n\t\t\t\t\t\t\t<span class='e-n-accordion-item-title-icon'>\n\t\t\t<span class='e-opened' ><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/span>\n\t\t\t<span class='e-closed'><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/span>\n\t\t<\/span>\n\n\t\t\t\t\t\t<\/summary>\n\t\t\t\t<div role=\"region\" aria-labelledby=\"e-n-accordion-item-8194\" class=\"elementor-element elementor-element-4baca49 e-con-full e-flex e-con e-child\" data-id=\"4baca49\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b60ec46 elementor-widget elementor-widget-text-editor\" data-id=\"b60ec46\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Zat\u00edmco v ni\u017e\u0161\u00edm re\u017eimu veden\u00ed stanovuje priority obnovy prim\u00e1rn\u00edch aktiv, ve vy\u0161\u0161\u00edm re\u017eimu k tomu p\u0159ib\u00fdv\u00e1 <strong>povinnost tyto pl\u00e1ny pravideln\u011b testovat<\/strong>. Veden\u00ed zaji\u0161\u0165uje testov\u00e1n\u00ed <a href=\"https:\/\/cybrela.com\/slovnik\/business-continuity-plan-bcp\/\" target=\"_blank\" rel=\"noopener\">pl\u00e1n\u016f kontinuity \u010dinnost\u00ed<\/a>, pl\u00e1n\u016f obnovy a proces\u016f pro zvl\u00e1d\u00e1n\u00ed incident\u016f. C\u00edlem je ov\u011b\u0159it dop\u0159edu, jestli nastaven\u00e9 procesy opravdu funguj\u00ed. P\u0159i skute\u010dn\u00e9m v\u00fdpadku u\u017e b\u00fdv\u00e1 pozd\u011b zji\u0161\u0165ovat, \u017ee pl\u00e1n obnovy existuje jen v dokumentu, nikdo nev\u00ed, kdo m\u00e1 co d\u011blat, a kl\u00ed\u010dov\u00fd dodavatel nen\u00ed dostupn\u00fd.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/details>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8f2ae88 elementor-alert-warning elementor-widget elementor-widget-alert\" data-id=\"8f2ae88\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"alert.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-alert\" role=\"alert\">\n\n\t\t\t\n\t\t\t\t\t\t<span class=\"elementor-alert-description\">Put simply: the lower regime is about having risks under control and knowing where the organization stands.<b> The higher regime formalizes the same thing, documents it, and calls for regular reviews and testing<\/b>. On top of that, it introduces a cybersecurity committee and manager as a permanent part of the organization's cybersecurity management.<\/span>\n\t\t\t\n\t\t\t\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b498d02 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"b498d02\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3d63d05 elementor-widget elementor-widget-heading\" data-id=\"3d63d05\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How the Act addresses failure to meet obligations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8f1e92f elementor-widget elementor-widget-text-editor\" data-id=\"8f1e92f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>The purpose of the act is not to punish organizations<\/strong>. It is to guide them toward having cyber risks under control and being prepared to handle incidents. Even so, it is worth knowing what can happen when an organization fails to meet its obligations.<\/p><p class=\"translation-block\">For serious breaches, the authority can impose a fine. Under the lower regime, up to <strong>175 million CZK or 1.4% of net worldwide annual turnover<\/strong>; under the higher regime, up to <strong>250 million CZK or 2% of turnover<\/strong>. The higher amount always applies. The specific amount depends on the severity of the breach and its impacts. The authority also takes into account whether the organization actively manages risks and whether management is involved in that management.<\/p><p>One tool is aimed directly at members of the statutory body: a temporary ban on holding office under <a href=\"https:\/\/e-sbirka.gov.cz\/sb\/2025\/264#par_58\" target=\"_blank\" rel=\"noopener\">Section 58 of the Act<\/a>. It applies only to the higher regime and comes into consideration only when an organization repeatedly or seriously breaches its obligations in a way that frustrates compliance with a decision of the authority. The ban lasts until the deficiencies are remedied, <strong>but for no less than six months<\/strong>. This penalty does not exist under the lower regime.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-88ad597 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"88ad597\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a7923e elementor-widget elementor-widget-heading\" data-id=\"5a7923e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Key takeaways<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9a72008 elementor-widget elementor-widget-text-editor\" data-id=\"9a72008\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p class=\"translation-block\">Cybersecurity belongs to an organization's management just as much as finance, operations, or legal matters. <strong>Top management sets priorities, ensures resources, oversees the state of security<\/strong>, and steps into decision-making during incidents. Through its approach, it also shapes the security culture of the entire organization. Employees are very good at sensing whether management treats security as a genuine part of management or merely as another obligation on paper.<\/p><p>If you would like to go through management's obligations in more detail and place them in the context of your organization, we have prepared <strong>training for top management<\/strong> \u2013 for the <a href=\"https:\/\/www.cybrela-akademie.com\/course\/skoleni-pro-vrcholne-vedeni-nizsi-rezim?utm_source=cybrela&amp;utm_medium=blog&amp;utm_campaign=clanek-vedeni\" target=\"_blank\" rel=\"noopener\">lower obligations regime<\/a> and the <a href=\"https:\/\/www.cybrela-akademie.com\/course\/skoleni-pro-vrcholne-vedeni-vyssi-rezim?utm_source=cybrela&amp;utm_medium=blog&amp;utm_campaign=clanek-vedeni\" target=\"_blank\" rel=\"noopener\">higher obligations regime<\/a>. Both draw on experience from real projects and incidents. In them, we cover what is expected of management, what questions it should ask, and how to put its role into practice.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-91106a7 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"91106a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3b736bd elementor-mobile-align-start elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"3b736bd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-info-circle\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">This content was prepared with the help of AI and subsequently underwent thorough human editing and fact-checking.<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9c4644d e-flex e-con-boxed e-con e-parent\" data-id=\"9c4644d\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c3ca925 elementor-cta--skin-cover elementor-bg-transform elementor-bg-transform-zoom-in elementor-widget elementor-widget-call-to-action\" data-id=\"c3ca925\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"call-to-action.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-cta\">\n\t\t\t\t\t<div class=\"elementor-cta__bg-wrapper\">\n\t\t\t\t<div class=\"elementor-cta__bg elementor-bg\" style=\"background-image: url();\" role=\"img\" aria-label=\"\"><\/div>\n\t\t\t\t<div class=\"elementor-cta__bg-overlay\"><\/div>\n\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-cta__content\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-cta__title elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tTraining for management\t\t\t\t\t<\/h2>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__description elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tPrepare your management for the new Cybersecurity Act. You can complete training for top management in both the lower and higher obligation regimes online at the Cybrela Academy \u2013 without the hassle of coordinating instructors and finding an open slot in the calendar.\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__button-wrapper elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t<a class=\"elementor-cta__button elementor-button elementor-size-\" href=\"https:\/\/www.cybrela-akademie.com\/vrcholne-vedeni?utm_source=cybrela&#038;utm_medium=blog&#038;utm_campaign=clanek-vedeni\" target=\"_blank\" rel=\"noopener\">\n\t\t\t\t\t\tContinue to cybrela academy\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>What must the management of organizations address under the new Cybersecurity Act? An overview of obligations for both the lower and higher regimes, sanctions, and practical implications.<\/p>","protected":false},"author":8,"featured_media":12719,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[56],"tags":[57,83],"class_list":["post-12691","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nis2","tag-nis2","tag-zakon-o-kyberneticke-bezpecnosti"],"_links":{"self":[{"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/posts\/12691","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/comments?post=12691"}],"version-history":[{"count":37,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/posts\/12691\/revisions"}],"predecessor-version":[{"id":13001,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/posts\/12691\/revisions\/13001"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/media\/12719"}],"wp:attachment":[{"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/media?parent=12691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/categories?post=12691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/competent-turing.176-102-64-80.plesk.page\/en\/wp-json\/wp\/v2\/tags?post=12691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}