Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security requirements

Published byEeva-Liisa Kinnunen Modified over 5 years ago

Similar presentations

Presentation on theme: "Security requirements"— Presentation transcript:

1 Security requirements
ECHA IT systems Security requirements Biocides CA meeting 12 – 14 December 2012 Hugues Kenigswald Head of Unit B3 (Biocides) 07 May 2019

2 Overview Security: issues and prevention Competent Authorities
Current and future situation for biocides REACH and CLP model and proposal Competent Authorities Role of National Security Officers ECHA Security Officers’ Network Conclusion 07 May 2019 echa.europa.eu 2 2

3 Security: Issues and prevention

4 Current situation for Biocides
R4BP2: no confidential information except product composition Application dossiers: Active substances: Complete dossier stored in evaluating MSCA : paper and/or electronic files Summary dossier stored in JRC and all other MSCAs Biocidal products: Complete dossier stored in one CA : paper and electronic files No common security model 07 May 2019 echa.europa.eu 4 4

5 Future situation for Biocides
R4BP v3: limited confidential information Application dossiers: Complete dossier in electronic files (IUCLID) Central IUCLID repository: access to Commission, ECHA and all MSCAs => Increased risk Common security model proposed 07 May 2019 echa.europa.eu 5 5

6 The REACH and CLP model The Commission and MSCAs have agreed on common security model for dossiers on chemicals in 2005 (i.e. before the establishment of ECHA and entry into operation of REACH/CLP) Objective: limit the risk of unauthorised disclosure of confidential business information 07 May 2019 echa.europa.eu 6 6

7 Proposed Security Model
Apply the Security Model of REACH and CLP Security Model is built on: Declaration of Commitment Standard Security Requirements Unified Remote Access 07 May 2019 echa.europa.eu 7 7

8 Declaration of Commitment
The legal representative of the authority signs a Declaration of Commitment which has conditions on Use of information Public access to information Security measures and cooperation with ECHA Auditing Liability Dissemination on national level 07 May 2019 echa.europa.eu 8 8

9 Standard Security Requirements
The Standard Security Requirements referred in the Declaration of Commitment provide details on inter alia Physical security ICT security Handling of information Roles and responsibilities Non-disclosure agreements Reporting Annual audit 07 May 2019 echa.europa.eu 9 9

10 Unified Remote Access ECHA Unified Remote Access solution is based on
SSL VPN (clientless) RSA SecurID hardware security tokens IP address-based filtering 07 May 2019 echa.europa.eu 10 10

11 Competent Authorities

12 Competent Authorities
Each Member State designates the Competent Authorities and informs the European Commission ECHA needs official designation in order to be able to grant access to the relevant information systems containing confidential business information 07 May 2019 echa.europa.eu 12 12

13 Role of National Security Officers
Responsible for security training/awareness briefings and promotion of security awareness Report to ECHA all suspected, attempted or actual security breaches including serious attempts at illegal or unauthorised entry, any loss, theft or compromise of data and any attempt at corruption of an official with a view to gaining access to data or other sensitive material 07 May 2019 echa.europa.eu 13 13

14 ECHA Security Officers’ Network
The ECHA Management Board has given the Security Officers’ Network (SON) a formal role in reviewing security requirements, agreeing on any deviations and in preparing security-related audit guidelines ECHA has organised meetings of the SON from 2007 Member State Competent Authorities Mandated National Institutions European Commission Industry (CEFIC): observers 07 May 2019 echa.europa.eu 14 14

15 Information/training session
ECHA is planning to invite the ‘to-be’ Security Officers from new Biocides Competent Authorities to ECHA for an information/training session in Q explaining: Procedure to access ECHA IT systems Standard Security Requirements in detail How to use Unified Remote Access solution 07 May 2019 echa.europa.eu 15 15

16 Conclusion

17 Conclusion Agree on the approach of using Unified Security Model
Designate Competent Authorities as soon as possible (preferably not later than January 2013) Participate to the ECHA information/ training session (ideally the ‘to-be’ Security Officer) 07 May 2019 echa.europa.eu 17 17

18 Contact If you have any question, please contact: son@echa.europa.eu
07 May 2019 echa.europa.eu 18 18

Download ppt "Security requirements"

Similar presentations

Echa.europa.eu/2013 ECHA Key Messages for REACH 2013 1.Engage actively in SIEF 2.Get used to the IT tools 3.Use the support tools before submitting your.

Echa.europa.eu/2013 ECHA Key Messages for REACH Engage actively in SIEF 2.Get used to the IT tools 3.Use the support tools before submitting your.
Eurostat T HE E UROPEAN PROCESS OF ENHANCING ACCESS TO E UROSTAT DATA A LEKSANDRA B UJNOWSKA E UROSTAT.

Eurostat T HE E UROPEAN PROCESS OF ENHANCING ACCESS TO E UROSTAT DATA A LEKSANDRA B UJNOWSKA E UROSTAT.
Cefic model SIEF Agreement: benefits and practical aspects CEFIC Legal Aspects of REACH Issue Team (LARIT) June 2009.

Cefic model SIEF Agreement: benefits and practical aspects CEFIC Legal Aspects of REACH Issue Team (LARIT) June 2009.
Budapest May, 2001 Anne Lehouck European Commission, DG ENTERPRISE 1 ELECTRONIC SIGNATURE LEGAL FRAMEWORK & STANDARDISATION.

Budapest May, 2001 Anne Lehouck European Commission, DG ENTERPRISE 1 ELECTRONIC SIGNATURE LEGAL FRAMEWORK & STANDARDISATION.
EuropeAid 1 Revision of Financial Regulation: Trust Funds Brussels, 16 November 2010.

EuropeAid 1 Revision of Financial Regulation: Trust Funds Brussels, 16 November 2010.
Horizontal Research Activities involving SMEs Joachim Ball, European Commission, DG RTD B3 n Co-operative Research n Collective Research General Introduction.

Horizontal Research Activities involving SMEs Joachim Ball, European Commission, DG RTD B3 n Co-operative Research n Collective Research General Introduction.
Evaluation of the Role of Audit to Detect Corruption in Thailand Prepared by Dr. Sutthi Suntharanurak Office of the Auditor General of Thailand.

Evaluation of the Role of Audit to Detect Corruption in Thailand Prepared by Dr. Sutthi Suntharanurak Office of the Auditor General of Thailand.
TUTORIAL Grant Preparation & Project Management. Grant preparation What are the procedures during the grant preparations?  The coordinator - on behalf.

TUTORIAL Grant Preparation & Project Management. Grant preparation What are the procedures during the grant preparations?  The coordinator - on behalf.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Session 4. Panel session: How useful is the notion of “circle of trust” concept ? A vision for the future. Maurice Brandt Destatis Germany 2ND EUROPEAN.

Session 4. Panel session: How useful is the notion of “circle of trust” concept ? A vision for the future. Maurice Brandt Destatis Germany 2ND EUROPEAN.
How could industry make best use of the guidance? Johan Nouwen Guidance and Helpdesk (A.1) REACH Workshop - Brussels 18/09/2008.

How could industry make best use of the guidance? Johan Nouwen Guidance and Helpdesk (A.1) REACH Workshop - Brussels 18/09/2008.
1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.

1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.
Handling information 14 Standard.

Handling information 14 Standard.
Overview of ERF, EIF & RF AP 2012 29 th August 2013 Amanda Borg Funds and Programmes Division, MEAIM General Programme Solidarity & Management of Migration.

Overview of ERF, EIF & RF AP th August 2013 Amanda Borg Funds and Programmes Division, MEAIM General Programme Solidarity & Management of Migration.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Pre-registration, data-sharing and SIEFs Geert Dancet REACH Workshop – Brussels 18/09/2008.

Pre-registration, data-sharing and SIEFs Geert Dancet REACH Workshop – Brussels 18/09/2008.
2 1.Client protection principles 2.Principle #6 in practice 3.Two components of protecting client data 4.Participant feedback 5.Practitioner lessons and.

2 1.Client protection principles 2.Principle #6 in practice 3.Two components of protecting client data 4.Participant feedback 5.Practitioner lessons and.
Quality assurance activities at EUROSTAT CCSA Conference Helsinki, 6-7 May 2010 Martina Hahn, Eurostat.

Quality assurance activities at EUROSTAT CCSA Conference Helsinki, 6-7 May 2010 Martina Hahn, Eurostat.
Experiences with registrations - 5 years on the road On the REACH Road 23 November 2011 Kevin Pollard ECHA – Dossier Submission and Dissemination.

Experiences with registrations - 5 years on the road On the REACH Road 23 November 2011 Kevin Pollard ECHA – Dossier Submission and Dissemination.
Telecentre-Europe General Assembly 2013 Collective membership agreement.

Telecentre-Europe General Assembly 2013 Collective membership agreement.

Similar presentations

Ads by Google