Item 2 of the agenda DIMEITDG Steering Group June 2018 Pascal JACQUES ESTAT B2LISO Outline ESS IT security Assurance mechanism 2017 certification results 2018 Certification ID: 795484
Download The PPT/PDF document "IT security assurance – 2018 and beyo..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
IT security assurance – 2018 and beyondItem 2 of the agendaDIME/ITDG Steering GroupJune 2018
Pascal JACQUES
ESTAT B2/LISO
Slide2OutlineESS IT security Assurance mechanism2017 certification results2018 Certification process2019 Certification scheduleActions
resulting
from
the 2016 self-
assesment
exercise
Grants
Workshops
Slide3ESS Assurance mechanismScope: exchange of data to produce intra-EU trade in goods statisticsCoverage: 26 ESS members + ESTAT+ 5 ONAs (BE, ES, FI, FR, UK)Reporting: Summary of certification
process
submitted
to ESSC
annually
(
February
)
Deadline
: All
members
to
be
certified
end 2019
New certification round: 2020 and
beyond
Slide42017 Certification resultsCertification ESS countries phase 1NL: November 2017 On-site
visit
and feedback
provided
to CBS
Corrective actions
implemented
by April 2018
IT :
December
2017
On-site
visit
4-6/12/17
Feedback
provided
to ISTAT on 18/12/2017
Corrective actions and deadlines
expected
from
ISTAT
Report to May 2018 ESSC
May'18 ESSC
endorsed
certification of CBS (NL)
IT to
be
endorsed
by ITDG
under
new
procedure
Slide5Feedback on 2017 certificationBetter define the perimeter of the certification based on a "Scope Document" to be drafted by NSI and provided
to PWC
prior
to certification
Scope document
finalised
by ESS IT expert group
to
be
endorsed
by ITDG by
written
consultation
Non
disclosure
Agreement
under
discussions
with
all MS
Improve
PWC feedback to NSI
through
a standard "
Assessment
Report
"
Risk
:
Lot of MS
postponing
certification
towards
2019
Slide6Certification 2018Certification ESS countries phase 2 (6 countries + ESTAT)SI: 05/18 done – feedback
provided
to SURS
BE (NBB):
07
/18
LT: 09/18
ESTAT:
10/18
EE, SE:
10/18
DE:
11/18
??
Slide7Certification 2019Certification ESS countries phase 320 countries : AT, BG, CZ, CY, DK, EL, ES (Customs), FI (NSI + Customs), FR
,
HR,
HU
, IE,
LU
,
LV,
MT, PL,
PT
, RO,
SK
,
UK(
NSI+Customs
)
Countries
have been
contacted
by PWC on 31/5/18
for 2019
scheduling
To
start
early
2019
To
be
finished
end 09/19
Slide8Additional actions endorsed by May 2018 ESSCEach MS to publish publicly the Information Security PolicyEach MS to appoint an IT security
officer
in
Slide92016 Grantscountry
Start date
end date
amount
duration
DE
06/03/2017
05/03/2018
44,150.08
12
95%
GR
01/03/2017
30/01/2018
80,957.97
10
95%
HR
22/02/2017
21/02/2018
164,260.85
12
95%
IT
23/02/2107
22/02/2018
136,266.31
12
95%
LU
15/12/2016
14/12/2017
138,879.06
12
95%
LV
01/03/2017
01/11/2017
66,168.20
8
95%
NL
01/01/2017
31/12/2017
254,396.13
12
95%
PL
21/03/2017
20/03/2018
100,783.00
12
95%
SI
01/04/2017
31/03/2018
129,702.48
12
95%
SK
03/03/2017
02/03/2018
150,588.00
12
95%
Slide102017 Grantscountry
Start date
end date
amount
duration
AT
01/09/2017
31/8/2018
60,644.96
12
95%
BG
01/10/2017
30/09/2018
121,553.32
12
95%
CY
21/12/2017
20/12/2018
74,053.91
12
95%
DK
15/12/2017
14/12/2018
67,500.00
12
70%
EE
01/11/2017
30/09/2018
29,059.49
11
95%
HR
15/12/2017
14/12/2018
163,191.25
12
95%
HU
01/02/2018
31/01/2019
206,980.87
12
95%
LT
15/12/2017
14/12/2018
78,532.82
12
95%
LU
01/01/2018
31/12/2018
176,896.37
12
95%
MT
18/12/2017
17/12/2018
126,764.02
12
95%
PL
27/12/2017
26/12/2018
102,358.33
12
95%
PT
20/12/2017
19/12/2018
191,272.96
12
95%
Slide1117th May 2018 – Closing of 3rd Call for proposals for mono-beneficiary grants Grants to start Q3 2018
1.200.000
€
available
13
proposals
received
for an
amount
of 3
M€
Under
evaluation
February
2019
–
Launch
of
4th
Call for proposals for mono-beneficiary grantsGrants to start Q3 2019
2018-2019 Grants
Slide12Workshops1st workshop on Information Classification – 5-6 October 2017 MadridHarmonise practices in terms of data classification and controlsComparisons of the different classification schemes in the MS
guidelines for data classification and lookup tables for existing classifications
Countries requested to classify all datasets sent to ESTAT according to national classification schemes. Consolidation undergoing at ESTAT side
Slide132nd workshop on incident management and putting in place a structure for exchanging within the ESS security incidents May 2018 BarcelonaDefine incidents types and identify important types of incidents relevant for the microdata exchange business case
Rapid
exchange of information
regarding
any
incident
compromising
the
security
of the information
exchanged
and
systems
dealing
with
it
Define terms and conditions for setting up an ESS incident management serviceExcel sheet with type of incidents to exchange in the ESS including actions and response timeOngoing discussions on the use of ASSIST for exchange
Slide143rd workshopPotential subject: ESS guidelines on harmonized security policies and on harmonized rules for staff recruitment policies Spain - October 2019