On October 29, 2025, a joint working meeting was held at Su Resurstary Marketing Joint-Stock Company with representatives from Astel JSC and SmartTechService IP. The main objective of the meeting was to discuss the implementation of an information security system in the water supply and sanitation sector in accordance with Order No. 370 of the Ministry of Industry and Infrastructure Development of the Republic of Kazakhstan dated September 16, 2025.

In today's environment, information security is becoming a key element of a company's sustainable development. This is especially relevant for organizations working with critical infrastructure, such as water supply and wastewater systems. The digitalization of processes and the active use of information technology create new opportunities, but simultaneously increase the risks of cyberattacks, data leaks, and other threats. Therefore, implementing an effective information security system is a priority for Su Resurstary – Marketing, ZhShS.

The meeting discussed the fundamental principles and functional capabilities of the future system. Representatives of Astel JSC shared their experience implementing comprehensive information security systems at enterprises of various sizes, noting that successful information security depends not only on technical means but also on the organization's security culture, employee awareness, and proper process organization.

Experts emphasized the importance of a systems approach, including:

• analysis of the current infrastructure of the enterprise;

• identification of potential threats;

• development and implementation of information security policy;

• training staff in the rules of safe work with information;

• monitoring and control over compliance with established procedures.

SmartTechService IP presented practical solutions aimed at enhancing the security of corporate networks and internal information resources. Suggestions included implementing access control systems, protecting servers and databases, organizing backups and encryption of critical data, and monitoring network traffic to identify suspicious activity.

During the discussion, the parties noted that an information security system should include not only technical tools but also organizational measures. These include: procedures for handling confidential information, instructions for employees on the secure use of the corporate network, regular training, and testing of personnel knowledge on information security issues.

Particular attention was paid to analyzing the current state of the company's information infrastructure. Specialists from Su Resources – Marketing, together with experts from external companies, conducted a preliminary assessment to determine which systems require enhanced protection, which processes need to be automated to improve security, and where potential vulnerabilities exist. Based on this data, specific recommendations and measures to enhance data security are planned.

The implementation of an incident response system was also discussed. This system involves promptly identifying and localizing threats, minimizing potential consequences, and developing plans for restoring information systems after incidents. This approach reduces the risk of cyberattacks and confidential information leaks, and enhances the enterprise's digital resilience.

A key aspect of implementing an information security system is developing a corporate security culture. This means that all employees must be aware of potential threats, understand their responsibilities for information protection, and actively participate in adhering to established rules. To achieve this, regular training sessions, seminars, and internal employee knowledge assessments are planned.

At the end of the meeting, the parties emphasized the importance of a comprehensive approach: combining technical solutions, organizational measures, and employee awareness. This approach will enable the creation of a sustainable information security system that meets modern requirements and standards, minimizing risks and enhancing trust in the company's operations.

Representatives of Su Resurstary – Marketing emphasized that the company continues its systematic efforts to implement modern information security standards and build digital resilience. The main goal is to ensure reliable data protection, guarantee the continuity of information systems, and raise employee awareness of the importance of adhering to security regulations.

Collaboration with JSC Astel and IP SmartTechService allows us to leverage best practices and implement proven solutions that comply with international standards and Kazakhstani legislation. Implementation of these solutions also helps improve the efficiency of internal processes, reduce the risk of information leakage, and ensure operational transparency.

During the meeting, it was emphasized that information security is not a one-time event, but an ongoing process. It requires constant threat analysis, adaptation to new conditions, improvement of security tools, and regular staff training. Only a comprehensive and systematic approach can ensure a high level of information protection and enterprise resilience to external and internal threats.

In summary, the October 29, 2025, working meeting at Su Resurstary-Marketing was an important step toward improving information security. Discussing the system's fundamental principles, functional capabilities, infrastructure analysis, and the preparation of specific recommendations allowed for the development of a plan for further action to ensure digital security.

"Su Resources – Marketing" of ZhShS intends to continue its systematic work to develop a corporate culture of information security, enhance digital resilience, and ensure data protection. These measures are aimed at maintaining the company's reliability, protecting critical water supply and wastewater infrastructure, and creating a secure digital workspace for all employees.

Thus, the implementation of an information security system at Su Resurstati – Marketing not only complies with current legal requirements and industry standards, but is also an important element of the company's sustainable development strategy in the digital age.