140 likes | 148 Views
ESS Security and Secure exchange of information Expert Group ( E4SEG) Item 1 of the agenda IT security assurance DIME/ITDG SG Meeting London 15/2/20189. Pascal Jacques ESTAT A1 Local Informatics Security Officer. Certification process 2017-2018 Certification 2019 Grants Workshops
E N D
ESS Security and Secure exchange of information Expert Group (E4SEG) Item 1 of the agendaIT security assuranceDIME/ITDG SG Meeting London15/2/20189 Pascal Jacques ESTAT A1 Local Informatics Security Officer
Certification process 2017-2018 • Certification 2019 • Grants • Workshops • Next phase
Certification status • 2017 • NL: endorsed by May'18 ESSC • IT: under finalisation • 2018 • SI: 28-29/05/18 Endorsed Feb'19 ESSC • BE (NBB): 10-11/07/18 NBB feedback undereval • SE : 1-2/10/18 EndorsedFeb'19 ESSC • EUROSTAT: 8-12/10/18 EndorsedFeb'19 ESSC • LT: 9-10/10/18 Follow-up end March 19 • EE: 30-31/10/18 Follow-up end March 19 • DE: 29-30/11/18 Follow-up end June 19
Planning certification 2019 • All countries confirmed planification apart • UK (NSI + Customs) • FR Customs • ES Customs • All ESS partners to becovered by end September • Final report to February 2020 ESSC
2019 Grants • March2019 – Launch of 4th Call for proposals for mono-beneficiarygrants • Grants to startQ3 2019 • 1.2M€ funding budget
Workshops • 1st workshop on Information Classification – 5-6 October 2017 Madrid • Harmonise practices in terms of data classification and controls • Comparisons of the different classification schemes in the MS • guidelines for data classification and lookup tables for existing classifications • Conclusions • Availability of comparison table between classifications schemes used in the ESS members • Classification of all datasets sent by MS to ESTAT and harmonisation of protection measures
2nd workshop on security incident management and putting in place a structure for exchanging within the ESS security incidents • May 2018 Barcelona • Define and identifyimportant types of incidents relevant for the microdataexchange • Define exchange channels for information regardingany incident compromising the security • Conclusions • List of "security incidents" to beexchanged in the ESS including actions and response time • Email mechanisms for rapidexchanging of information betweenpartners
3rdworkshop • Impact on GDPR on the ESS exchange of microdata • Spain – beginning October 2019 • European Data Supervisor + some DPOs • Focus on security consequences
Next Phase • Launch call for tender for: • Analysis of currentexerciseand certification results • Gather opinion and feedback of somecertified ESS members • Propose recommendations and models for the processbeyond 2019 • Discuss the identifiedmodelswith ESS members (ITDG, ESS IT Security Task Force) and propose options with roadmaps • Deadline for completion of the analysis: end 2019 • Presentation of the suggestedoption - post-2019 to February 2020 ESSC for endorsement