FantasticSearch

1. The Member State responsible shall ensure the security of the data before and during transmission to the national interface. Each Member State shall ensure the security of the data which it receives from the VIS.

2. Each Member State shall, in relation to its national system, adopt the necessary measures, including a security plan, in order to:

(a) physically protect data, including by making contingency plans for the protection of critical infrastructure;

(b) deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purposes of the VIS (checks at entrance to the installation);

(c) prevent the unauthorised reading, copying, modification or removal of data media (data media control);

(d) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);

(e) prevent the unauthorised processing of data in the VIS and any unauthorised modification or deletion of data processed in the VIS (control of data entry);

(f) ensure that persons authorised to access the VIS have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control);

(g) ensure that all authorities with a right of access to the VIS create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make these profiles available to the National Supervisory Authorities referred to in Article 41 without delay at their request (personnel profiles);

(h) ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);

(i) ensure that it is possible to verify and establish what data have been processed in the VIS, when, by whom and for what purpose (control of data recording);

(j) prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the VIS or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);

(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing).

3. The Management Authority shall take the necessary measures in order to achieve the objectives set out in paragraph 2 as regards the operation of the VIS, including the adoption of a security plan.