1.Classified contracts or grant agreements shall include the following security elements:
‘Programme or Project Security Instruction’ (PSI) means a list of security procedures which are applied to a specific programme or project in order to standardise security procedures. It may be revised throughout the programme or project.
The Directorate-General Human Resources and Security shall develop a generic PSI, the Commission departments responsible for programmes or projects involving handling or storage of EUCI may develop, where appropriate, specific PSIs, which shall be based upon the generic PSI.
A specific PSI shall be developed in particular for programmes and projects characterised by their considerable scope, scale or complexity, or by the multitude and/or the diversity of contractors, beneficiaries and other partners and stakeholders involved, for instance as regards their legal status. The specific PSI shall be developed by the Commission department(s) managing the programme or project, in close cooperation with the Directorate-General Human Resources and Security.
The Directorate-General Human Resources and Security shall submit both the generic and specific PSIs for advice to the Commission Security Expert Group.
‘Security Aspects Letter’ (SAL) means a set of special contractual conditions, issued by the contracting authority, which forms an integral part of any classified contract involving access to or the creation of EUCI, that identifies the security requirements and those elements of the contract requiring security protection.
The contract-specific security requirements shall be described in a SAL. The SAL shall, where appropriate, contain the Security Classification Guide (‘SCG’) and shall be an integral part of a classified contract or sub-contract, or grant agreement.
The SAL shall contain the provisions requiring the contractor or beneficiary to comply with the minimum standards laid down in this Decision. The contracting authority shall ensure the SAL indicates that non-compliance with these minimum standards may constitute sufficient grounds for the contract or the grant agreement to be terminated.
2.Both PSIs and SALs shall include a SCG as a mandatory security element:
(a)‘Security Classification Guide’ (SCG) means a document which describes the elements of a programme, project, contract or grant agreement which are classified, specifying the applicable security classification levels. The SCG may be expanded throughout the life of the programme, project, contract or grant agreement and the elements of information may be re-classified or downgraded; where an SCG exists it shall be part of the SAL.
(b)Prior to launching a call for tender or letting a classified contract, the Commission department, as contracting authority, shall determine the security classification of any information to be provided to candidates and tenderers or contractors, as well as the security classification of any information to be created by the contractor. For that purpose, it shall prepare an SCG to be used for the performance of the contract, in accordance with this Decision and its implementing rules, after consulting the Commission Security Authority.
(c)In order to determine the security classification of the various elements of a classified contract, the following principles shall apply:
in preparing an SCG, the Commission department, as the contracting authority, shall take into account all relevant security aspects, including the security classification assigned to information provided and approved to be used for the contract by the originator of the information;
the overall level of classification of the contract may not be lower than the highest classification of any of its elements; and
where relevant, the contracting authority shall liaise, through the Commission Security Authority, with the Member States' NSAs, DSAs or any other competent security authority concerned in the event of any changes regarding the classification of information created by or provided to contractors in the performance of a contract and when making any subsequent changes to the SCG.