1 / 18

Hugues Kenigswald Head of Unit B3 (Biocides)

ECHA IT systems Security requirements. Biocides CA meeting 12 – 14 December 2012. Hugues Kenigswald Head of Unit B3 (Biocides). Overview. Security: issues and prevention Current and future situation for biocides REACH and CLP model and proposal Competent Authorities

sandersjohn
Download Presentation

Hugues Kenigswald Head of Unit B3 (Biocides)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. ECHA IT systems Security requirements Biocides CA meeting 12 – 14 December 2012 Hugues Kenigswald Head of Unit B3 (Biocides)

  2. Overview • Security: issues and prevention • Current and future situation for biocides • REACH and CLP model and proposal • Competent Authorities • Role of National Security Officers • ECHA Security Officers’ Network • Conclusion 06 January 2020 echa.europa.eu 2

  3. Security: Issues and prevention

  4. Current situation for Biocides • R4BP2: no confidential informationexcept product composition • Application dossiers: • Active substances: • Complete dossier stored in evaluating MSCA : paper and/or electronic files • Summary dossier stored in JRC and all other MSCAs • Biocidal products: • Complete dossier stored in one CA : paper and electronic files • No common security model 06 January 2020 echa.europa.eu 4

  5. Future situation for Biocides • R4BP v3: limited confidential information • Application dossiers: • Complete dossier in electronic files (IUCLID) • Central IUCLID repository: access to Commission, ECHA and all MSCAs => Increased risk • Common security model proposed 06 January 2020 echa.europa.eu 5

  6. The REACH and CLP model • The Commission and MSCAs have agreed on common security model for dossiers on chemicals in 2005 (i.e. before the establishment of ECHA and entry into operation of REACH/CLP) • Objective: limit the risk of unauthorised disclosure of confidential business information 06 January 2020 echa.europa.eu 6

  7. Proposed Security Model • Apply the Security Model of REACH and CLP • Security Model is built on: • Declaration of Commitment • Standard Security Requirements • Unified Remote Access 06 January 2020 echa.europa.eu 7

  8. Declaration of Commitment • The legal representative of the authority signs a Declaration of Commitment which has conditions on • Use of information • Public access to information • Security measures and cooperation with ECHA • Auditing • Liability • Dissemination on national level 06 January 2020 echa.europa.eu 8

  9. Standard Security Requirements • The Standard Security Requirements referred in the Declaration of Commitment provide details on inter alia • Physical security • ICT security • Handling of information • Roles and responsibilities • Non-disclosure agreements • Reporting • Annual audit 06 January 2020 echa.europa.eu 9

  10. Unified Remote Access • ECHA Unified Remote Access solution is based on • SSL VPN (clientless) • RSA SecurID hardware security tokens • IP address-based filtering 06 January 2020 echa.europa.eu 10

  11. Competent Authorities

  12. Competent Authorities • Each Member State designates the Competent Authorities and informs the European Commission • ECHA needs official designation in order to be able to grant access to the relevant information systems containing confidential business information 06 January 2020 echa.europa.eu 12

  13. Role of National Security Officers • Responsible for security training/awareness briefings and promotion of security awareness • Report to ECHA all suspected, attempted or actual security breaches including serious attempts at illegal or unauthorised entry, any loss, theft or compromise of data and any attempt at corruption of an official with a view to gaining access to data or other sensitive material 06 January 2020 echa.europa.eu 13

  14. ECHA Security Officers’ Network • The ECHA Management Board has given the Security Officers’ Network (SON) a formal role in reviewing security requirements, agreeing on any deviations and in preparing security-related audit guidelines • ECHA has organised meetings of the SON from 2007 • Member State Competent Authorities • Mandated National Institutions • European Commission • Industry (CEFIC): observers 06 January 2020 echa.europa.eu 14

  15. Information/training session • ECHA is planning to invite the ‘to-be’ Security Officers from new Biocides Competent Authorities to ECHA for an information/training session in Q1 2013 explaining: • Procedure to access ECHA IT systems • Standard Security Requirements in detail • How to use Unified Remote Access solution 06 January 2020 echa.europa.eu 15

  16. Conclusion

  17. Conclusion • Agree on the approach of using Unified Security Model • Designate Competent Authorities as soon as possible (preferably not later than January 2013) • Participate to the ECHA information/ training session (ideally the ‘to-be’ Security Officer) 06 January 2020 echa.europa.eu 17

  18. Contact If you have any question, please contact: • son@echa.europa.eu • biocides@echa.europa.eu 06 January 2020 echa.europa.eu 18

More Related