- Latest available (Revised)
- Original (As adopted by EU)
Commission Implementing Regulation (EU) No 802/2014Show full title
Commission Implementing Regulation (EU) No 802/2014 of 24 July 2014 establishing models for national programmes and establishing the terms and conditions of the electronic data exchange system between the Commission and Member States pursuant to Regulation (EU) No 514/2014 of the European Parliament and of the Council laying down general provisions on the Asylum, Migration and Integration Fund and on the instrument for financial support for police cooperation, prevention and combating crime and crisis management
You are here:
What Version
More Resources
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Status:
This is the original version as it was originally adopted in the EU.
This legislation may since have been updated - see the latest available (revised) version
Article 7Security of data transmitted through SFC2014
1.The Commission shall establish an information technology security policy (hereinafter referred to as ‘SFC IT security policy’) for SFC2014 applicable to personnel using SFC2014 in accordance with relevant Union rules, in particular Commission Decision C(2006)3602(1) and its implementing rules. The Commission shall designate one or more persons responsible for defining, maintaining and ensuring the correct application of the security policy for SFC2014.
2.Member States and European institutions other than the Commission, who have received access rights to SFC2014, shall comply with the IT security terms and conditions published in the SFC2014 portal and the measures that are implemented in SFC2014 by the Commission to secure the transmission of data, in particular in relation to the use of the technical interface referred to in Article 6(1) of this Regulation.
3.Member States and the Commission shall implement and ensure effectiveness of security measures adopted to protect the data they have stored and transmitted through SFC2014.
4.Member States shall adopt national, regional or local information technology security policies covering access to SFC2014 and automatic input of data into it, ensuring a minimum set of security requirements. These national, regional or local IT security policies may refer to other security documents. Each Member State shall ensure that these IT security policies apply to all authorities using SFC2014.
5.These national, regional or local IT security policies shall include:
(a)the IT security aspects of the work performed by the person or persons responsible for managing the access rights referred to in Article 4(3) of this Regulation when working directly in SFC2014; and
(b)the IT security measures for those national, regional or local computer systems connected to SFC2014 through a technical interface referred to in Article 6(1) of this Regulation.
For the purposes of point (b) of the first subparagraph, the following aspects of IT security shall be covered, as appropriate:
(a)
physical security;
(b)
data media and access control;
(c)
storage control;
(d)
access and password control;
(e)
monitoring;
(f)
interconnection to SFC2014;
(g)
communication infrastructure;
(h)
human resources; and
(i)
incident management.
6.The national, regional or local IT security policies shall be based on a risk assessment and the measures described shall be proportionate to the risks identified.
7.The documents setting out the national, regional or local IT security policies shall be made available to the Commission upon request.
8.Member States shall designate, at a national or regional level, one or more persons responsible for maintaining and ensuring the application of the national, regional or local IT security policies. That person or those persons shall act as contact point with the person or persons designated by the Commission and referred to in paragraph 1.
9.Both the SFC IT security policy and the relevant national, regional or local IT security policies shall be updated in the event of technological changes, the identification of new threats or other relevant developments. In any event, they shall be reviewed on an annual basis to ensure that they continue to provide an appropriate response.
(1)
Commission Decision C(2006) 3602 of 16 August 2006 concerning the security of information systems used by the European Commission.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThis Article only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.