The Recommendation reflects a shared understanding of the concept of Critical Information Infrastructures (CII) and of how national CII are identified across countries. It calls for the introduction and maintenance of effective policy frameworks to implement the OECD Security Guidelines in relation to the protection of CII and makes recommendations with respect to the protection of CII at the domestic level and across borders.
The Recommendation focuses on how governments should demonstrate leadership and commitment regarding CIIP, manage risks to CII and work in partnership with private sector. It also calls for bilateral and multilateral cooperation at regional and global levels, for example to share knowledge and experience, develop a common understanding and share information.
This Recommendation builds on the findings of a comparative analysis of policies in seven OECD countries in 2006-2007. At that time, the concept of CII was emerging and there was no agreement across countries on what it meant. Some countries did not even use these terms at all. The comparative analysis helped develop a shared understanding of the concept.