Фрагмент документа "РЕГЛАМЕНТ (ЕС) N 1987/2006 ЕВРОПЕЙСКОГО ПАРЛАМЕНТА И СОВЕТА ОБ УЧРЕЖДЕНИИ, ФУНКЦИОНИРОВАНИИ И ИСПОЛЬЗОВАНИИ ШЕНГЕНСКОЙ ИНФОРМАЦИОННОЙ СИСТЕМЫ ВТОРОГО ПОКОЛЕНИЯ (СИС II) <**>".
Article 16
Security
1. The Management Authority, in relation to Central SIS II, and
the Commission, in relation to the Communication Infrastructure, shall
adopt the necessary measures, including a security plan, in order to:
(a) physically protect data, including by making contingency
plans for the protection of critical infrastructure;
(b) deny unauthorised persons access to data-processing
facilities used for processing personal data (facilities access
control);
(c) prevent the unauthorised reading, copying, modification or
removal of data media (data media control);
(d) prevent the unauthorised input of data and the unauthorised
inspection, modification or deletion of stored personal data (storage
control);
(e) prevent the use of automated data-processing systems by
unauthorised persons using data communication equipment (user
control);
(f) ensure that persons authorised to use an automated
data-processing system have access only to the data covered by their
access authorisation by means of individual and unique user identities
and confidential access modes only (data access control);
(g) create profiles describing the functions and responsibilities
of persons who are authorised to access the data or the data
processing facilities and make these profiles available to the
European Data Protection Supervisor referred to in Article 45 without
delay upon its request (personnel profiles);
(h) ensure that it is possible to verify and establish to which
bodies personal data may be transmitted using data communication
equipment (communication control);
(i) ensure that it is subsequently possible to verify and
establish which personal data have been input into automated
data-processing systems, when and by whom the data were input (input
control);
(j) prevent the unauthorised reading, copying, modification or
deletion of personal data during transfers of personal data or during
transportation of data media in particular by means of appropriate
encryption techniques (transport control);
(k) monitor the effectiveness of the security measures referred
to in this paragraph and take the necessary organisational measures
related to internal monitoring to ensure compliance with this
Regulation (self-auditing).
2. The Management Authority shall take measures equivalent to
those referred to in paragraph 1 as regards security in respect of the
exchange of supplementary information through the Communication
Infrastructure.
|
Фрагмент документа "РЕГЛАМЕНТ (ЕС) N 1987/2006 ЕВРОПЕЙСКОГО ПАРЛАМЕНТА И СОВЕТА ОБ УЧРЕЖДЕНИИ, ФУНКЦИОНИРОВАНИИ И ИСПОЛЬЗОВАНИИ ШЕНГЕНСКОЙ ИНФОРМАЦИОННОЙ СИСТЕМЫ ВТОРОГО ПОКОЛЕНИЯ (СИС II) <**>".