Download presentation
Presentation is loading. Please wait.
Published by藏工 龚 Modified over 5 years ago
1
IT security assurance – 2018 and beyond Item 2 of the agenda DIME/ITDG Steering Group June 2018
Pascal JACQUES ESTAT B2/LISO
2
Outline ESS IT security Assurance mechanism 2017 certification results
2018 Certification process 2019 Certification schedule Actions resulting from the 2016 self-assesment exercise Grants Workshops
3
ESS Assurance mechanism
Scope: exchange of data to produce intra-EU trade in goods statistics Coverage: 26 ESS members + ESTAT+ 5 ONAs (BE, ES, FI, FR, UK) Reporting: Summary of certification process submitted to ESSC annually (February) Deadline: All members to be certified end 2019 New certification round: 2020 and beyond
4
2017 Certification results
Certification ESS countries phase 1 NL: November 2017 On-site visit and feedback provided to CBS Corrective actions implemented by April 2018 IT : December 2017 On-site visit 4-6/12/17 Feedback provided to ISTAT on 18/12/2017 Corrective actions and deadlines expected from ISTAT Report to May 2018 ESSC May'18 ESSC endorsed certification of CBS (NL) IT to be endorsed by ITDG under new procedure
5
Feedback on 2017 certification
Better define the perimeter of the certification based on a "Scope Document" to be drafted by NSI and provided to PWC prior to certification Scope document finalised by ESS IT expert group to be endorsed by ITDG by written consultation Non disclosure Agreement under discussions with all MS Improve PWC feedback to NSI through a standard "Assessment Report" Risk: Lot of MS postponing certification towards 2019
6
Certification 2018 Certification ESS countries phase 2 (6 countries + ESTAT) SI: 05/18 done – feedback provided to SURS BE (NBB): 07/18 LT: 09/18 ESTAT: 10/18 EE, SE: 10/18 DE: 11/18 ??
7
Certification 2019 Certification ESS countries phase 3
20 countries : AT, BG, CZ, CY, DK, EL, ES (Customs), FI (NSI + Customs), FR, HR, HU, IE, LU, LV, MT, PL, PT, RO, SK, UK(NSI+Customs) Countries have been contacted by PWC on 31/5/18 for 2019 scheduling To start early 2019 To be finished end 09/19
8
Additional actions endorsed by May 2018 ESSC
Each MS to publish publicly the Information Security Policy Each MS to appoint an IT security officer in
9
2016 Grants country Start date end date amount duration DE 06/03/2017
05/03/2018 44,150.08 12 95% GR 01/03/2017 30/01/2018 80,957.97 10 HR 22/02/2017 21/02/2018 164,260.85 IT 23/02/2107 22/02/2018 136,266.31 LU 15/12/2016 14/12/2017 138,879.06 LV 01/11/2017 66,168.20 8 NL 01/01/2017 31/12/2017 254,396.13 PL 21/03/2017 20/03/2018 100,783.00 SI 01/04/2017 31/03/2018 129,702.48 SK 03/03/2017 02/03/2018 150,588.00
10
2017 Grants country Start date end date amount duration AT 01/09/2017
31/8/2018 60,644.96 12 95% BG 01/10/2017 30/09/2018 121,553.32 CY 21/12/2017 20/12/2018 74,053.91 DK 15/12/2017 14/12/2018 67,500.00 70% EE 01/11/2017 29,059.49 11 HR 163,191.25 HU 01/02/2018 31/01/2019 206,980.87 LT 78,532.82 LU 01/01/2018 31/12/2018 176,896.37 MT 18/12/2017 17/12/2018 126,764.02 PL 27/12/2017 26/12/2018 102,358.33 PT 20/12/2017 19/12/2018 191,272.96
11
Grants 17th May 2018 – Closing of 3rd Call for proposals for mono-beneficiary grants Grants to start Q3 2018 € available 13 proposals received for an amount of 3M€ Under evaluation February 2019 – Launch of 4th Call for proposals for mono-beneficiary grants Grants to start Q3 2019
12
Workshops 1st workshop on Information Classification – 5-6 October 2017 Madrid Harmonise practices in terms of data classification and controls Comparisons of the different classification schemes in the MS guidelines for data classification and lookup tables for existing classifications Countries requested to classify all datasets sent to ESTAT according to national classification schemes. Consolidation undergoing at ESTAT side
13
2nd workshop on incident management and putting in place a structure for exchanging within the ESS security incidents May 2018 Barcelona Define incidents types and identify important types of incidents relevant for the microdata exchange business case Rapid exchange of information regarding any incident compromising the security of the information exchanged and systems dealing with it Define terms and conditions for setting up an ESS incident management service Excel sheet with type of incidents to exchange in the ESS including actions and response time Ongoing discussions on the use of ASSIST for exchange
14
3rd workshop Potential subject: ESS guidelines on harmonized security policies and on harmonized rules for staff recruitment policies Spain - October 2019
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.