eu-LISA aims at maintaining and improving the security architecture of
large-scale IT systems in the area of freedom, security and justice (Eurodac, SIS, VIS, and the future EES, ETIAS and ECRIS-TCN), as well as the communication network that connects the Member States to the central systems. The eu-LISA Security Unit strengthens the Agency's information management capabilities alongside the security and cybersecurity aspects of the IT systems and data carried therein. The Agency delivers added value to the Member States by creating a secure environment for the continuous operation of the IT systems it manages.
Responsibilities of the Agency in the operational management of large-scale IT systems
The Agency's Regulation and specific requirements in the EU Regulations of several large-scale IT systems, complemented by requirements from the Agency's stakeholders, guide the eu-LISA Security Unit in its mission. The most prominent task for Security is to assure the 24/7 functioning of the systems, yet, it is also responsible for
- a continuous and secure exchange of data between national authorities and eu-LISA operators;
- high-quality efficient services and solutions in order to become an acknowledged EU ICT centre of excellence with relevant technical security skills;
- the security requirements for the design, initiation, development and implementation of new systems and new pilot projects.
Additionally, the Security Unit supports the Agency in developing constant improvements in:
- service delivery;
- developing a modern, efficient and agile organisation;
- ensuring a constant appropriate level of data and physical security not only for the large-scale IT systems but also for the Agency and staff.
The Security Unit at eu-LISA focuses on implementing appropriate security measures that match the requirements at the Agency sites in four locations, in an innovative and efficient way for its systems operations, and in a close cooperation with its stakeholders. In addition, the objective within eu-LISA is to operate in a safe and secure environment, by providing levels of protection for persons, assets and information commensurate with identified risks, all in a timely manner. Decision of the Management Board on Security rules in eu-LISA 2016-133 Rev3 sets out the objectives, basic principles, organisation and responsibilities regarding security at eu-LISA.
With regard to information security, the Security Unit also coordinates the implementation of
Decision of the Management Board on the Security Rules for Protecting Sensitive Non-classified Information at eu-LISA 2019-208 and
Decision of the Management Board on the Security Rules for Protecting EU Classified Information in eu-LISA 2019-273. Handling instructions for Sensitive Non-classified information issued by eu-LISA are available
here.