Council Decision 2009/968/JHAShow full title

CHAPTER II SECURITY RESPONSIBILITIES

Article 3Member States' Responsibilities

1.Member States shall undertake to ensure that, within their territory, Europol information receive a level of protection which is equivalent to the level of protection offered by the security measures established under these rules.

2.Member States shall undertake to inform the Security Coordinator of all security breaches that may compromise the interests of Europol or of a Member State. In the latter case, the Member State concerned shall also be informed directly through the national unit.

Article 4Security Committee

1.A Security Committee shall be set up, consisting of representatives of the Member States and of Europol, which shall meet at least twice a year.

2.The Security Committee shall have as its task to advise the Management Board and Director of Europol on issues relating to security policy, including the application of the Security Manual.

3.The Security Committee shall establish its rules of procedure. The meetings of the Security Committee shall be chaired by the Security Coordinator.

Article 5Security Coordinator

1.The Security Coordinator shall have general responsibility for all issues relating to security, including the security measures laid down in these rules and in the Security Manual. The Security Coordinator shall monitor the enforcement of security provisions and inform the Director of all breaches of security. In serious cases, the Director shall inform the Management Board. If such breaches risk compromising the interests of a Member State, that Member State shall also be informed.

2.The Security Coordinator shall be directly answerable to the Director of Europol.

3.The Security Coordinator shall be security cleared to the highest level in accordance with the laws and regulations applicable in the Member State of which the Security Coordinator is a national.

Article 6Security Officers

1.Security Officers shall support the Director in the implementation of the security measures laid down in these rules and in the Security Manual. Security Officers shall be directly answerable to the Security Coordinator. The specific tasks of the Security Officers shall be:

(a)to instruct, assist and advise all persons at Europol — as well as any other person involved in Europol-related activities who is under a particular obligation of discretion or confidentiality — as to their duties under these rules and under the Security Manual;

(b)to enforce security provisions, investigate breaches thereof and report on them immediately to the Security Coordinator;

(c)to regularly review the adequacy of security measures on the basis of risk assessments; to that end, they shall report to the Security Coordinator as a rule at least once a month and, in exceptional cases, whenever it is deemed necessary and shall provide appropriate recommendations and advice;

(d)to perform the tasks assigned to them under these rules or under the Security Manual; and

(e)to perform any other tasks assigned to them by the Security Coordinator.

2.Security Officers shall be security cleared to the appropriate level required by their duties and in accordance with the laws and regulations applicable in the Member States of which they are a national.

Article 7Security Manual, procedure and content

1.The Security Manual shall be adopted by the Management Board after having consulted the Security Committee.

2.The Security Manual shall provide management direction and support for security in accordance with business requirements and shall set out Europol’s approach to managing security. The Security Manual shall contain:

(a)detailed rules on the security measures to be applied within Europol in order to provide for the basic protection level referred to in Article 10(1) of these rules, such measures being based on Articles 35 and 41(2) of the Europol Decision and taking account of Article 40(3) thereof; and

(b)detailed rules on the security measures associated with the different Europol classification levels and the corresponding security packages referred to in Article 10(2) and 10(3); the Security Manual shall also take account of Article 46 of the Europol Decision.

3.The Security Manual shall be reviewed at regular intervals, or when significant changes occur, in order to ensure its continuing suitability, adequacy, and effectiveness.

4.Amendments to the Security Manual shall be adopted in accordance with the procedure set out in paragraph 1.

Article 8Security accreditation of systems

1.All Europol systems used to process Europol classified information shall be accredited by the Management Board after having consulted the Security Committee and after having obtained assurance of the effective implementation of the required security measures deriving from the system specific security requirements (SSSR), Information Risk Register and any other relevant documentation. Subsystems and remote terminals or workstations shall be accredited as part of all the systems to which they are connected.

2.The SSSR shall be adopted and amended by the Management Board after having consulted the Security Committee. This SSSR shall comply with the relevant provisions of the Security Manual.

Article 9Observance

1.The security measures laid down in these rules and in the Security Manual shall be observed by all persons at Europol, as well as by any other person involved in Europol-related activities who is under a particular obligation of discretion or confidentiality.

2.The Director, the liaison bureaus and Europol national units shall be responsible for ensuring observance of these rules and of the Security Manual in accordance with paragraph 1.