Information Resilience & Governance Department
Information Resilience & Governance Department (IRGD)
The Information Resilience & Governance Department (IRGD) reports to IPTO’s Regulatory Policy General Division. Its mission is to oversee, monitor and strengthen the Group’s framework for resilience, business continuity, and information and communications governance. In an ever-evolving environment, where critical energy infrastructure faces complex and hybrid threats ranging from extreme weather events to sophisticated cyber attacks, the Department serves as the focal point for implementing and ensuring compliance with the regulatory framework. It ensures that the Transmission System Operator maintains a high level of preparedness and institutional resilience, safeguarding the uninterrupted operation of the Electricity Transmission System.
Role and Responsibilities
The Department operates at the level of corporate governance, strategic planning and regulatory compliance. Its primary role is to support IPTO’s full compliance with the modern and stringent European and national regulatory framework, which is structured around the following key pillars:
- Cybersecurity (NIS 2 Directive – Law 5160/2024 & NCCS Network Code): The Department oversees the implementation of information security policies at the governance level. It aligns the organisation with both the general requirements of the NIS 2 Directive and the sector-specific provisions of the European Network Code on Cybersecurity (NCCS), which governs the security of cross-border electricity flows and operational control systems.
- Resilience (CER Directive – Law 5236/2025): The Department coordinates the preparation of the Risk Assessment and Resilience Measures Plan, with the objective of protecting systems and related infrastructure against natural disasters, sabotage and hybrid threats.
- Coordination of Risk Studies and Analyses: It supports the preparation of specialised studies, including Risk Assessments, Business Impact Analyses (BIA), and Gap Analyses, to evaluate the operational impact of potential disruptions.
- Incident Management and Reporting: In close cooperation with the competent technical departments, the Department ensures the timely and accurate notification of the National Authorities (National Cybersecurity Authority/CSIRT and the General Secretariat for the Protection of Critical Entities) in the event of significant physical or cyber incidents.
- Security Awareness: In collaboration with the Information Technology Department, it designs and implements awareness and training programs for the Group’s personnel, subsidiaries, and relevant third-party partners.
- Supply Chain Security & Critical Entity Registers: The Department provides guidance on compliance with security requirements (for both cybersecurity and physical protection) that must be met by contractors, manufacturers, and suppliers of critical equipment. It also keeps up-to-date registers of critical entities.
Contribution to IPTO’s Mission
The establishment and operation of the Information Resilience & Governance Department represents a strategic investment for IPTO, shifting the organisation’s approach to security from a reactive model to a holistic and proactive resilience framework. The Department’s contribution focuses on harmonising European directives and national legislation under a unified corporate governance approach. By continuously monitoring international developments, emerging risks and best practices, the Department provides IPTO’s Management with the strategic intelligence required for informed decision-making. In this way, IPTO strengthens its resilience against hybrid threats, ensures compliance with the most stringent European standards and reinforces the reliability and security of the national electricity transmission system.
INFORMATION RESILIENCE AND GOVERNMENT DEPARTMENT
Konstantinoupoleos Ave. 1 & Kifissou, 121 32 Peristeri
Dimitris Zografou
Director
Tel. 2109466855
E-mail d.zografos@admie.gr