FantasticSearch

Security – Member States Each Member State shall, in relation to its N.SIS, adopt the necessary measures, including a security plan, a business continuity plan and a disaster recovery plan in order to: physically protect data, including by making contingency plans for the protection of critical infrastructure; deny unauthorised persons access to data-processing facilities used for processing personal data (facilities access control); prevent the unauthorised reading, copying, modification or removal of data media (data media control); prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control); prevent the use of automated data-processing systems by unauthorised persons using data communication equipment (user control); prevent the unauthorised processing of data in SIS and any unauthorised modification or erasure of data processed in SIS (control of data entry);

ensure that persons authorised to use an automated data-processing system have access only to the data covered by their access authorisation, by means of individual and unique user identifiers and confidential access modes only (data access control); ensure that all authorities with a right of access to SIS or to the data processing facilities create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make those profiles available to the supervisory authorities referred to in Article 55(1) without delay upon their request (personnel profiles); ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control); ensure that it is subsequently possible to verify and establish which personal data have been input into automated data-processing systems, when, by whom and for what purpose (input control);

prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data or during the transport of data media, in particular by means of appropriate encryption techniques (transport control); monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing); ensure that, in the event of interruption, installed systems can be restored to normal operation (recovery); and ensure that SIS performs its functions correctly, that faults are reported (reliability) and that personal data stored in SIS cannot be corrupted by means of the system malfunctioning (integrity).