THE EUROPEAN UNION        Brussels, 30 April 2009



from:    Drafting Group for updating of Schengen catalogue SIS
to:    Schengen Evaluation Working Party
No. prev. doc. :    15443/02 SCHEVAL 43 SIS 97 SIRENE 75 COMIX 703
Subject :    Updated Catalogue of recommendations for the correct application of the Schengen acquis and best practices: part on the Schengen Information System







1. National section of the SIS
1.1.    Systems and organisation
1.2.    Communication infrastructure
2. SIRENE
2.1    National structure
2.2    Organisation and system
2.3    Recruitment and training
3. End-users
3.1    Querying and user interface
3.2    Training
4. Data handling
4.1    Entry / modification / deletion of alerts
4.2    Exchange of forms and other communication
4.3    Follow-up of hits
4.4    Data quality measures
5. Security
5.1    Planning of data security work
5.2    Security organisation and asset control
5.3    Personnel security
5.4    Physical security
5.5    Equipment security
5.6.1 SIS data processing equipment
5.6.2    Terminal and PC workstations
5.7    Communications and operating management
5.7.1    Operating procedures and responsibility
5.7.2    Procedures for incident management
5.7.3    Protection against malicious software
5.7.4    Backup
5.7.5    Network management
5.7.6    Handling of data media
5.8    User access control
5.9    Monitoring system access and use
5.10    Development and maintenance
5.11    Emergency planning
5.12    Control

Preface by the Czech Presidency

At its meeting on 17 July 2008, the Schengen Evaluation Working Party set the objective of revising and updating the Schengen Catalogues of recommendations for the proper application of the Schengen acquis and best practice because of the need to reflect the legislative, organizational and technical developments in the areas covered by the Catalogues from the time of their first publication.

Work on the updated version of the Catalogue regarding the Schengen Information System and SIRENE was commenced during the French Presidency and completed during the Czech Presidency. A group of experts was established, chaired by Italy, with the participation of the European Commission, Austria, the Czech Republic, France, Germany, Hungary, the Netherlands, Portugal, Poland, Slovenia and Switzerland. The Czech Presidency would very much like to thank the experts for their professional work in updating the Catalogue.

The new version of the Catalogue incorporates all developments in the area of SIS and SIRENE including recent initiatives to enhance the use of these pivotal tools in securing the controls on persons at external borders and in enhancing security and justice within the Schengen area. The experience gained during the evaluations of ten new member states which are connected to the SIS and fully apply the Schengen acquis was taken into account as well as the outcomes of regular SIRENE operators’ seminars and Heads of SIRENE conferences. As soon as the new version of SIS is implemented, the situation should be reflected in the next version of the Catalogue.

So now, Member States and Schengen associated countries are provided with the most current compendium of recommendations and best practice for SIS and SIRENE. The purpose of the Catalogue is explained by its title and it has no legally binding status. However, the recommendations and best practice collected should be given serious consideration, in line with the Schengen acquis itself, as only the highest level and standards of use of the SIS and the establishment and co-operation of SIRENEs can strongly support the enlarged EU/Schengen area as an area of freedom, justice and security.

The Czech Presidency is confident that the updated Catalogue will, on the one hand, support candidate countries in ensuring their successful integration, whilst, on the other hand, motivate the Member States to further improve use of the SIS and enhance the functioning of their SIRENEs.

April 2009


1.    At its meeting on 28 May 2001, the Council set as an objective for further work by the Working Party on Schengen Evaluation the identification of "… best practices, particularly as regards border controls, so that they can serve as examples for those States acceding to Schengen but also those fully applying the Schengen acquis. These evaluations and the identification of best practices shall serve as inspiration for the establishment of standards defining the minimum application of the Schengen acquis (…) in the relevant working groups" (mandate for the Working Party on Schengen Evaluation) (8881/01 – SCH-EVAL 17, COMIX 371).

On the basis of this mandate, the Working Party on Schengen Evaluation worked out the principles and procedure for drawing up the Catalogue of recommendations for the correct application of the Schengen acquis and best practices, hereinafter referred to as the Catalogue of recommendations and best practices, or Catalogue.

The purpose of the Catalogue is to clarify and detail the Schengen acquis and to indicate recommendations and best practices, in order to provide an example for Member States and associated countries not applying the Schengen acquis in full and also those fully applying it. The aim is not to provide an exhaustive definition of the whole of the Schengen acquis but to put forward legally non-binding recommendations and best practices in the light of the experience gained by the Working Party on Schengen Evaluation in verifying the correct application of the Schengen acquis in several countries.

The text of the Catalogue does not seek to introduce new requirements but should also make it possible to draw the Council’s attention to the need where appropriate to amend certain provisions of the Schengen acquis so that the Commission and, where appropriate, the Member States take the recommendations and best practices into account when putting forward proposals or formal initiatives.

Moreover, the Catalogue will serve as a reference tool for future evaluations undertaken in the candidate countries. It will therefore also serve as an indicator for these countries of the tasks which they will be assigned and in this respect should be read in conjunction with the SIRENE Manual.

2.    The Working Party on Schengen Evaluation adopted the following definitions to conduct this exercise:
–    recommendations: non-exhaustive series of measures which should make it possible to establish a basis for the correct application of the Schengen acquis and for monitoring it.
–    best practice: non-exhaustive set of working methods or model measures which must be considered as the optimal application of the Schengen acquis, it being understood that several best practices are possible for each specific part of Schengen cooperation.

3.    Since 2002, when the previous version of the Catalogue was published, the integration of EU security policies has been strengthened and evolved through the adoption of various legal instruments, especially Council Regulation (EC) No 871/2004 and Council Decision 2005/211/JHA concerning the introduction of some new functions for the Schengen Information System, including, in the fight against terrorism (based on the Spanish Initiatives), Commission Decisions 2006/757/EC and 2006/758/JHA on amending the SIRENE Manual; Council Framework Decision 584/2002/JHA on European Arrest Warrant and the surrender Procedures between Member States; Regulation (EC) No 562/2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code); Council Framework Decision 960/2006/JHA (based on the Swedish Initiative). Also several initiatives for enhancing the use of SIS were presented in the meantime; namely the French Initiative on the fight against terrorism and the Czech Initiative on better use of the SIS and SIRENE for protection of minors. Safeguarding the spirit of the Tampere Council conclusions and the Hague Programme, Member States are seeking integration and enhanced cooperation to ensure the European Union is an area of freedom, security and justice. All these new legislative provisions and initiatives, as well as development in IT technologies, have had a great impact on the SIS and SIRENE co-operation.

4.    The enlargement of the Schengen Area by ten countries in 2007 and 2008 (the Czech Republic, the Republic of Estonia, the Republic of Latvia, the Republic of Lithuania, the Republic of Hungary, the Republic of Malta, the Republic of Poland, the Republic of Slovenia, the Slovak Republic and Switzerland) represented the biggest expansion of the SIS and SIRENE co-operation. In the evaluation process of these countries many best practices were noted and recommendations were made.

5.    Many important findings for the SIS and SIRENE co-operation have been collected within the regular SIRENE operators’ seminars and Heads of SIRENE conferences which were subsequently approved by the SIS/SIRENE Working Party.

6.    Six countries are preparing to join the SIS and the Schengen Area. They should be provided with the updated Catalogue. Also the current Member States should be supplied with the recommendations and best practice to motivate them in further developing the use of the SIS and the effective functioning of their SIRENEs.

7.    The structure of this Catalogue has not changed significantly from the previous edition. A short general section describes the basic concepts underlying the recommendations and best practice. These are presented in tabular form, with recommendations on the left and best practice on the right, alongside the relevant recommendations. The recommendations were duly updated to correspond with the present state of the SIS and SIRENE co-operation from legislative, operational and technical points of view. The best practice was collected and set out to describe optimal solutions based on current experience from both new and old Member States.



The list of recommendations and best practice set out hereunder has been compiled mainly on the basis of the outcome of different evaluations carried out over recent years.

The content of the Catalogue is meant to be used in the setting up of national databases which will provide the information for the SIS as well as in the preparation of the national section of the SIS and the SIRENE.

It is recalled that if EU classified information is handled by the users of Schengen IT systems, Council Decision 2001/264/EC adopting the Council’s security regulations is applicable (OJ L 101, 11.4.2001, p. 1). In that event, the security measures to be applied should be proportionate to the classification and volume of, and threat to, the information held.

Concerning the introduction of alerts in the SIS, it shall contain only those categories of data which are supplied by each of the Contracting Parties, as required for the purposes laid down in Articles 95 to 100 of the Schengen Convention. The Contracting Party issuing an alert shall determine whether the case is important enough to warrant entry of the alert in the SIS. However, the principle of availability should always be considered.

The role of the SIRENE in the working of the SIS is absolutely essential. Member States shall, in accordance with national legislation, exchange through the authorities designated for that purpose (SIRENE) all supplementary information necessary in connection with the entry of alerts and for allowing the appropriate action to be taken in cases where persons in respect of whom, and objects in respect of which, data have been entered in the Schengen Information System, are found as a result of searches made in this System (see Art. 92(4) of the Schengen Convention). For that purpose SIRENE shall have appropriate access to all relevant national information and expert advice. Exchanged supplementary information shall be used only for the purpose for which it was transmitted.

It is the responsibility of each SIRENE to perform the role of data quality assurance coordinator for the information that is introduced in the SIS. To this end the SIRENE shall have the necessary national competence to perform this role, for which it is responsible.

1. National section of the SIS
1.1.     Systems and organisation
– a national section for the SIS must be set up providing 24/7 operation with sufficient technical support at all times

– data integrity between N.SIS and any national technical copies, where these exist, must be guaranteed

– maintenance and service level commitments for hardware and software should be provided to ensure the 24/7 operation

– real-time synchronisation of copies should be carried out

– regular database comparisons should be undertaken
1.2.     Communication infrastructure
– there should be a stable national network

– a rapid response time to queries should be

– appropriate and secure communication solutions should be available to allow queries in SIS by mobile terminals

– appropriate maintenance and service level commitments should be provided to guarantee high availability of the network

– the response time should be less than 5 seconds

– at best, consular posts should have on-line access to the relevant SIS data

2. SIRENE
2.1    National structure
– a SIRENE must be set up and designated as the single point of contact for each Schengen State in respect of SIS alerts and post-hit

– SIRENE operators should have 24/7 access to information sources or databases which provide alerts to the SIS or contain information required for supplementary information or for resolving issues with alerts

– the principle that Schengen alerts take precedence over Interpol alerts should be respected and enforced

– bearing in mind the primacy of SIS alerts, in those exceptional situations when SIRENE, Interpol or any other police co-operation authorities (e.g. liaison officers) use their own channels in order to provide the same information on the same person or object, a cross-reference should be made to ensure proper coordination in other Member States

– the SIRENE must have the number of staff which corresponds to the number of alerts, number of hits and amount of related work, communication and specified tasks

– all offices responsible for international police co-operation should be accessed through a single point of contact, be contained within the same management structure and located at the same site

– SIRENE staffing and support services should be regularly reviewed in the light of changes in workload and working practices
2.2    Organisation and system
– the SIRENE must provide 24/7 cover for communication with all other SIRENEs and national authorities

– all staff, including those who are assigned to work out-of-office hours, should have the required competence and experience to provide the necessary service to other SIRENEs and deal with any incoming alerts

– in addition to administrative and operational staff, there is a defined need for IT support staff

– the SIRENE must be equipped with an efficient and effective workflow system which respects the rules of the current version of the “Data exchange between SIRENE”

– in addition to the agreed procedures for the exchange of forms, the SIRENE must use the proper mailboxes for operative e-mail exchanges and fingerprint transmissions on the dedicated SIRENE network

– continuity of management, staff and technical aspects is desirable for efficient operations

– flexibility of working arrangements may assist in managing the workload at peak periods

– maintenance and service level commitments for hardware and software should be provided to ensure 24/7 operations

– an electronic workflow/case management system for SIRENE operators has been found to enhance the quality of work and reduce the possibility of mistakes. Automatic routing of incoming messages to the workflow system supports these goals

– the electronic workflow/case management system should interact with the N.SIS application and national systems in respect of the management of incoming and outgoing alerts; this should include automatic indications:
•    of whether a requested flag has been added or deleted
•    of when an alert has changed
•    of the arrival of a new Art. 95 alert
•    of the deletion of an alert when a file related to that alert exists in the electronic workflow/case management system

– in cases where communication has to be carried out via the internet, the official mail address of the SIRENE should be used

– The use of non-certified e-mail addresses should be avoided

– Council Recommendation on SIRPIT, a method for electronic exchange of photos and fingerprints between law enforcement services, should be applied (Council doc. 9696/01/06)

– SIRENE should be provided with a direct link to the national AFIS database in order to access data in electronic format within its competences
– for such electronic transmission, the SIRPIT procedure should be available in each SIRENE

2.3    Recruitment and training
– the SIRENE should have a workforce able to function on their own initiative, in order to ensure efficient handling of cases

– all operators should have a good knowledge of national legal issues, national law enforcement (including a theoretical knowledge of police activities), national judiciary and immigration administration system and, as a minimum, a basic knowledge of international Schengen legal issues

– there should be management support, including access out-of-hours to legal and other expert advice, to enable devolved responsibility

– special attention should be paid to human resource management to ensure continuity of personnel, which is an asset for enhancing the quality of the SIRENE work

– a training system on the SIRENE workflow should be available

– legal expertise should be available with a good knowledge of national and international law, a thorough knowledge of the Schengen Convention, SIRENE Manual and related regulations and a theoretical knowledge of police activities

– staff with a law enforcement background are needed in order to provide experience which has been shown to be significantly advantageous and reduces the time required for training

– common standards and common understanding should be established

– recruitment levels should take account of the number of national alerts and the re-examination of these alerts at the end of their validity period as well as of the number of hits on the national territory and liaison with other SIRENE on hits on national SIS alerts in other Schengen states

– the SIRENE recruitment strategy should make provision for the validation of the existing Art. 95 files prior to the operational use of the SIS

– staff should have sufficient linguistic skills

– legal expertise can be provided through the recruitment of in-house legal advisors or organising legal training for SIRENE staff

– common training should be undertaken, at least once a year

– regular exchange of operators should be considered, starting prior to the operational use of the SIS

– this should be a key element in the recruitment process and ongoing training for SIRENE staff

– SIRENE staff should get priority in language
– SIRENE operators should be able to communicate in English at least
– it is clearly desirable that operators are knowledgeable in the most commonly spoken languages, both for direct communication and the ability to manage documentation in the absence of translation support
3. End-users
3.1    Querying and user interface
– there is a need for querying or searching that goes beyond exact match searching

– queries on fixed and mobile terminals should include queries of the SIS. Single query for both national and international systems is the most efficient way to guarantee systematic consultation of the SIS; direct access is preferable

– information both on national and international alerts should be shown simultaneously

– warning markers on persons, objects, vehicles should be available to the end-user on the first screen

– when introducing national alerts, the insertion of the alert in the SIS should be set as a default function so that this insertion does not require an additional action on the part of the end-user

– the screen should display clear information and instructions about the actions the end-user has to carry out in case of a hit

– examples of this include phonetic queries, wildcard queries, fuzzy logic, soundex

– it should be ensured that such a single query is not prevented by national legislation

– it should be ensured that single query is quick and easy

– the largest possible number of data querying devices should be provided to end-users to allow direct queries

– alerts should be pre-checked at the national database level and from there be transferred to the N.SIS in an automated way

– in the case of misused identity, the procedure for dealing with a hit on a misused identity and the subsequent investigations that should be carried out to establish whether the person is the victim or the perpetrator of the misuse should all be clearly displayed on the screen

– applications should be developed in a user-friendly way, allowing speedy and effective means of carrying out SIS tasks

– when entering a name during a query, the system should check both the data on persons and on documents
– the user interface should allow and encourage that the name and, where applicable, the document number are entered simultaneously and the application should check both in the same query

3.2    Training
– national administrations should ensure awareness of interested parties in SIS: police and other (law enforcement) agencies, magistrates and prosecuting authorities

– the training on SIS should be included in the end-users’ initial training as well as in continuous training, already before the operational use of the SIS
National administrations should:
– provide permanent training of these parties

– make a training system available to end users

– ensure close contact of the interested parties with SIRENE through liaison officers

– promote awareness via the relevant working groups (police co-operation, border control, police chiefs task force, judicial co-operation, terrorism working group) or via CEPOL

– ensure that authorities responsible for public security are made (more) aware of the possibility of introducing alerts under Art. 96(2)(b)

– explain what effect the lifting of internal border controls has on police work

– explain the use of SIS as day-to-day police tool

– ensure that training covers both querying the system and introducing alerts

– seek participation of SIRENE staff in police schools’ SIS training

– handbooks on internal procedures should be

– updated instructions reflecting new functions should be issued

– before Schengen provisions are applied, cascade training should be organised

– refresher courses should be provided once the end-users have gained a certain level of experience

– manuals, including the SIRENE manual, information, training and refresher materials should be available on the police intranet or other media

– before operational use of the SIS, a newsletter informing end-users of the status of the project can ensure and guarantee their interest

– the implementation of SIS should be a seamless extension of current national querying methods so as to reduce the need for training

4. Data handling
4.1    Entry / modification / deletion of alerts
– at insertion, all alerts should satisfy the criteria to ensure that a hit will be followed up

– SIRENE should examine the files on existing alerts pursuant to Art. 95 before they are available to the end-user

– the supplementary information related to an EAW/IAW (A+M forms) should be transmitted without delay upon the introduction of the alert

– the priority and incompatibility rules should be respected

– SIRENE should be empowered to ensure the creation, modification and/or deletion of SIS alerts.

– The SIRENE should initiate a process whereby Art. 95 alerts which have been issued before the entry into force of the national legislation transposing Council Framework Decision 2002/584/JHA on the European arrest warrant and the surrender procedures between Member States, shall be converted to comply with the Framework Decision (relevant for Schengen States applying EAW)

– If an Art. 96 alert on a third country national has been entered by an immigration authority knowing he/she is a beneficiary of the right of free movement according to Directive 2004/38/EC, that authority should forward to the SIRENE of its Member State the relevant supplementary information at the time of creation of the alert

– the VIN number should be entered in the SIS alert on vehicle since it is the most relevant search criterion.

– alerts on documents should be entered in the SIS, even imperfect, but as complete as possible, according to the principle of availability
– it is important to inform the authorities which introduce alerts in the SIS about the consequences of such introductions, especially the obligation to follow up a hit

– comprehensive national procedures should be established defining responsibilities following a hit abroad (e.g. surrender, extradition, retrieving stolen vehicles)

– if it has not been possible to pre-validate all files on alerts pursuant to Art. 95, these alerts should nevertheless be made available to the end-users as soon as the system is open to the end users, without waiting for the result of the examination of the A-form by SIRENE; in this case, procedures must be established to ensure swift examination of the file if the alert is executed

– SIRENE operators should be allowed to manually delete alerts that do not respect the priority and incompatibility rules

– "secondary" alerts on a person should be kept available so that they can be inserted when the first alert on this person, with which the "secondary" alert was incompatible, expires

– SIRENE operators should be able to create, modify and/or delete their national SIS alerts

– after conversion all flags requested for Art. 95 should be revised to open up a way for efficient application of the EAW

– where an EAW has been sent directly to the executing judicial authority and the location of the requested person is known* ("known" should reflect the fact that the location of the requested person is fixed and unchanging, e.g. in prison for a known period of time, a "suspected" location being insufficient), SIRENE should inform any judicial authority asking for the creation of an SIS alert that there is no need for it in such circumstances. However, the requesting judicial authority may, in any event, decide whether or not to issue an SIS alert.

* Article 9(1) of the Council Framework Decision of 13 June 2002 on the European Arrest Warrant and Surrender Procedures between Member States (2002/584/JHA)

4.2    Exchange of forms and other communication
– for utmost efficiency in bilateral communication, languages familiar to both parties shall be used

– The response should be provided to the requesting SIRENE as soon as possible.
– the practice for multilateral exchange of forms is to send the forms at least in English

– When urgent requests cannot be dealt with within 12 hours, the requesting SIRENE should be notified and informed about the reason for the delay accordingly.
In case of non-response, Heads of SIRENE should be involved in the resolution of the issue.

– Art. 97 alerts on missing children should be entered in SIS as soon as possible; any additional information which may help in the search (photo, description, additional information on possible route, kidnapper/abductor, vehicle used), including a request for "Child Alert", should be immediately provided to SIRENE for onward transmission to selected SIRENEs as appropriate.

– before extending an alert, its on-going validity and relevance should be re-examined

– Schengen ID-numbers should not be re-used with different data.

– the time between the incident giving rise to the decision and the introduction of an alert in the SIS should be minimised

– alerts that fulfil the requirements set out in the Schengen Convention should, insofar as possible, be entered in the SIS in an automated way: if the SIRENE has to manually copy such alerts from national systems to insert them in the SIS, this often causes delay

– The kidnapper/abductor of the missing child and vehicles possibly used should be entered in SIS using appropriate types of alert, while notifying other SIRENEs about connection between alerts on an M form

– the entry of alerts should preferably be done in real time

– the entry of alerts should be decentralised (especially on objects) as much as possible to avoid delays due to internal administrative procedure, such as posting the alerts to data input centres

– where direct introduction is not possible, a quick means of transmission should be provided to send the information from the local level to the level where the data are inserted, in particular for alerts on missing children and stolen

– data quality measures should be set up to avoid SIS alerts adversely affecting persons unconcerned with the alert

– an alert should be deleted from the SIS when it is established that a stolen vehicle has been lawfully obtained by a bona fide owner
– the systematic input of alerts in the SIS should be enhanced as much as possible and national criteria should be set for such introduction

– at insertion, it should be checked that there is no multiple alert

– SIRENE should be able to resolve cases of misused identity without delay

– use of Art. 99 alert should always be one of the measures considered when dealing with serious crimes and/or threats to public order or as a supportive measure when searching for wanted persons

– national legislation should allow for all actions to be taken in accordance with the Schengen Convention, notably "specific checks" pursuant to Art. 99

– the M form should follow the Art. 99 alert requiring specific check, where appropriate, specifying the reasons for the alert and providing any useful details

– the system should automatically check for possible multiple alerts through searching that goes beyond exact match searching
4.3    Follow-up of hits
– the SIRENE must be the single point of contact and the conduit for the transmission of all information in relation to post-hit procedures

– for alerts pursuant to Art. 95, the SIRENE must be the single point of contact and is responsible for the post-hit exchange of information until at least the start of the formal surrender/extradition procedure
– the exchange of all information not requiring a letter rogatoire should be sent through SIRENE

– where possible and/or appropriate, the SIRENE may facilitate any further exchange of information subsequent to arrest

– Transmission of the original EAW or extradition request via SIRENE should be avoided, unless the SIRENE has also been designated as Central Authority

– For a transitional period, until the SIS is capable of transmitting all the information set out in an EAW form, the alert shall be equivalent to an EAW pending the receipt of the original in due and proper form by the executing judicial authority (cf. Council Framework Decision 2002/584/JHA). National judicial authorities should be familiar with the A and M forms in order to accept the SIS alert accompanied by the supplementary information provided in those forms as a preliminary legal basis for further detention of the person sought, pending the receipt of the original of the EAW.

– to enable SIRENE to carry out their tasks efficiently, judicial decisions on surrender or extradition procedures should be communicated, without delay, after they have been made.

– a reply, or at least a preliminary answer on the status of the case, should be sent within the set time periods
– SIRENE should provide, in a G form, all available information about the address of the competent judicial authority, time limit and language in which the EAW has to be presented

– an alert should be deleted from the SIS once the need for the alert no longer exists

– procedures should be established to ensure that actions on lost objects are rapidly carried out

– each Member State should be able to provide statistics on hits

– alerts pursuant to Art. 95 should be deleted once surrender or extradition has taken place

– it should be ensured that the authorities responsible for the application of legislation on third country nationals are available 24/7 or organised in such a way that deadlines for the provision of supplementary information can be respected: the SIRENE could be given access, respecting its competences, to the database of these authorities

– alerts on adults pursuant to Art. 97, not requiring to be placed under protection, should be deleted upon a hit

– other alerts pursuant to Art. 97 should be deleted when the protective measures have been executed

– alerts pursuant to Art. 98 should be deleted once information on the whereabouts of the person sought is clearly established and communicated to the SIRENE in the requesting state

– an alert on a stolen vehicle (including multiple alerts) should be deleted to coincide with the return of the vehicle to the lawful owner

– the roles and responsibilities of all concerned parties in relation to hits on objects and post hit procedures should be clearly defined

– every hit should be accurately registered in a way which facilitates retrieval of accurate statistics across the range of users

4.4    Data quality measures
– there should be automated introduction of SIS data, via a link between the relevant national databases and the N.SIS database, while respecting the principle of proportionality

– automated introduction of alerts should be accompanied by a real-time automated change/deletion in the SIS following a change/deletion in the national system

– this recommendation is satisfied where the introduction in the SIS is set as a default option, as recommended in chapter 3.1

– alerts should be as complete as possible

– alerts should be updated when further data become available such as the document number of an issued document or VIN of a stolen car
– the data of the alert should be checked, preferably in an automated way, against national registers

– the SIRENE of the Member State of origin of a stolen object inserted in the SIS by another Member State should provide to the SIRENE of the inserting Member State all available information for completing/up-dating/correcting the alert as soon as it is informed about such an alert

– the SIRENE should coordinate data quality assurance

– the SIRENE must validate every alert pursuant to Art. 95

– the transliteration rules should be respected

– specific information on transliteration rules should be made available to the end-users

– the end-users should be trained to ensure proper application of data quality measures

– the SIRENE should have the national competence as well as the operational and technical means to ensure data quality, including having access to national databases, within its competences

– the SIRENE should be involved in users’

– the lists of hits should be checked against the lists of deleted alerts

– the alerts/hits ratio should be reviewed and studied

– there should be regular checks with the local authorities on whether it is necessary to retain an alert on a missing minor

– introducing information with no added value is not allowed, e.g. „unknown” or „?” in either mandatory or optional fields

5. Security
5.1    Planning of data security work
– the determination of a security policy for the Schengen IT systems (N.SIS, C.SIS, SIRENE and end-users’ systems) should be an integral part of the definition of the overall security policy of the authorities concerned
– the security policy adopted has to be documented in writing by the competent authorities

– it is vital to allocate the necessary resources for preparing and maintaining security measures

– at the national level, procedures and areas of responsibility should be established to ensure that all security measures are continuously updated and revised

– the update or revision of policy and procedures should, as far as practicable, be carried out once a year so that they are constantly fit for purpose and reflect existing conditions

– in addition, update and revision should take place following significant or serious incidents or following system changes that have an impact on data security

5.2    Security organisation and asset control
– efforts to ensure data security should – whenever appropriate – be planned within the framework of a security organisation, which may comprise one or more authorities

– it must be ensured that all important parts (assets) of the systems are well identified, so that they can be protected in accordance with their importance
– a register of relevant IT equipment should therefore be maintained on an ongoing basis
– in addition, updated network and system documentation, showing for instance the connection and functionality of the specific system elements, should be available

– responsibilities and authority delegated to persons involved in data security work should be clearly defined, possibly in connection with the job descriptions of the persons concerned
– it will normally be appropriate to provide documentation on the organisation of security work by means of an organisational chart

5.3    Personnel security
– only persons with specific authorisation may have access to SIS data and to equipment used to process SIS data

– users may only search data which they require for the performance of their tasks
– there should be screening of personnel as part of the initial recruitment procedure and then repeated every 5 years of service

– job descriptions for personnel with access to SIS data and to equipment used to process SIS data should include information on compliance with security requirements

– staff recruitment practices should attach importance to knowledge of data security
– personnel must take part in the necessary user training programme, including all applicable rules on data security
– confidentiality and secrecy agreements must be concluded with all persons who do not belong to any national authority

– these persons must have the necessary security clearance or certification

– they should only have access to SIS data where this is required for the performance of their tasks

– chains of command and procedures must be defined, ensuring that security incidents or suspected security incidents are reported as quickly as possible

– data security procedures must be known by all internal personnel and external contractors

– feedback processes must be implemented to ensure that information about the outcome and debriefing is communicated, once a security incident has been dealt with and finished

– any breach of security rules must be subject to correct disciplinary action, in conformity with national legislation

5.4    Physical security
– SIS data processing facilities (N.SIS, C.SIS and SIRENE) and other critical or sensitive resources, such as media storage areas, must be housed in secure areas, each one protected by a defined security perimeter with appropriate physical barriers and entry controls

– the area must be appropriately protected against any form of unauthorised intrusion
– the external walls must be of solid construction and the access doors must be suitably protected against unauthorised access, e.g. by control mechanisms, bars, alarms and locks
– a building or site containing SIS data processing facilities must have a reception area with appropriate staffing or other means to control physical access
– access to the secure areas containing the SIS data processing and media storage facilities must be controlled and restricted to authorised
– SIS data processing facilities and other critical or sensitive resources should be organised as a class II security area as defined by Council Decision 2001/264/EC (the degree of security depending on the amount and form of the information held)
– computers should be located underground (or comparable level of security)
– different security zones should be established including:
– access cards (or comparable level of security)
– guards
– monitoring by CCTV

– there should be monitoring of entries and exits

– visitors to secure areas should be supervised or security cleared
– visitors should only be granted access for specific, authorised purposes
– third party support service personnel should be granted restricted access to secure areas only when required
– this access must be authorised and monitored

5.5    Equipment security
– all equipment used to process or store SIS data must be protected against accidental damage or loss and unauthorised access

5.6.1 SIS data processing equipment
– SIS data processing equipment must be located in an area to which access is minimised and strictly controlled

– continuous monitoring must be carried out to minimise the risk of potential threats, including criminal or terrorist assaults, fire, overheating due to climate control failure, structural collapse after explosion, and penetration of water
– in order to achieve continuity of power supplies, the following equipment must be ready and regularly checked and tested:
•    an uninterruptible power supply (UPS), that keeps the essential functions running
•    a backup generator for continued processing in case of a prolonged power

– telecommunications cables must be protected to the necessary extent

The IT facilities should include:
– fire, heat and smoke detection systems
– automatic fire extinguishing system
– sufficient air-conditioning

– electronic network equipment must be installed in locked rooms or locked cabinets

– only authorised maintenance personnel may carry out repairs and equipment maintenance
– there should be a separate back-up system, with regular checks of the switch between the back-up and operational

Back-up facilities should take into account:
– cold/hot standby or mirrored sites
– remote location so that a disaster affecting one site does not affect the other

5.6.2    Terminal and PC workstations
– terminals, PC workstations and printers must be situated so as to ensure that unauthorised persons cannot read data thereon
– procedures should be established to monitor printing from screen and SIS data
– PC and terminal sessions must automatically log off or „time-out” after a period of no activity and they must be protected by locking devices, passwords or other control measures whenever they are not in use
– terminals, PC workstations and printers that are installed in rooms to which there is access for the general public must be monitored

5.7    Communications and operating management
5.7.1    Operating procedures and responsibility
– the operating procedures established by the individual Schengen States must be documented, regularly reviewed and updated
– they must, as a minimum, comprise the
•    procedures for day-to-day operating measures such as back-up, anti-virus updating, network monitoring, etc.
•    procedures for handling data media and other assets
•    procedures concerned with access
•    instructions on how to handle errors or other exceptional conditions
•    support contacts in case unexpected operating or technical difficulties arise
•    procedures for restarting and restoring the system after any system failure
•    satisfactory control of all modifications of SIS data processing facilities and systems should be ensured, including hardware, software or procedures
•    there needs to be clear responsibility, instructions and procedures for handling such modifications

5.7.2    Procedures for incident management
– there must be emergency plans and escalation procedures to be used for remedying incidents that may potentially interrupt the operation of the system and make the Schengen IT systems fully or partly inaccessible
– if an incident occurs which will not render the entire system inaccessible but will compromise data security, procedures must have been defined for detecting and handling such incidents

5.7.3    Protection against malicious software
– to protect the integrity of software and data, a range of security measures should routinely be taken to prevent and detect the intrusion of malicious software and contribute to restoring systems
– these should include control measures for protection against viruses, worms, Trojan horses and other malicious software
– as a minimum the following elements should be included:
•    a formal policy requiring compliance with software licenses and prohibiting the use of unauthorised software
•    anti-virus detection and repair software should be deployed across all PCs with regular virus definition updates and scanning across servers, PCs and laptop computers; exceptions, if any, should be documented
•    any electronic mail attachments and downloads will be checked for malicious software before use; it should be stated where this check will be carried out: e.g. at electronic mail servers or when entering the network
•    formal procedures for reacting against virus-related incidents have to be available

– attachments which are .exe files, encrypted, or contain macros, passwords or similar suspect processes should not be opened

5.7.4    Backup
– backup copies of SIS data, configuration files and applications must be taken regularly
– daily copies should be made

– all backup systems must be tested regularly to ensure that they conform to the requirements of the operating plans

– backup data must be subject to the required physical protection and kept in separate geographical locations

– restoring procedures must be checked and tested regularly

– copies should be kept in at least two different locations

– restoring procedures should be tested twice a year

5.7.5    Network management
– national transmission of SIS data may only use networks which are protected against unauthorised access
– networks must be constantly monitored
– measures have to be taken to protect SIS data during transmission via communication networks
– access to SIS data from public networks such as the Internet must not be possible
– transmission of passwords and other security elements must be protected by encryption
– encrypted network / radio / fax should be used

– secure communications between the SIRENE and field offices / operational officers for the exchange of personal data should be used
– access to the Internet through the police network should be avoided

5.7.6    Handling of data media
– the number of technical copies of SIS data must be restricted to the minimum necessary (see Art. 102(2) of the Schengen Convention)
– procedures must be established for handling and storing SIS data in order to protect such data against unauthorised retransmission or
– such procedures should comprise:

•    only authorised personnel should have access to computer-based storage media containing SIS data
•    all media containing SIS data must be marked appropriately and adequately protected during transportation
•    media that are obsolete or no longer required must be rendered unusable, or when they are reused, be treated in such a way as to eliminate all SIS data
•    archives should be secure
•    access to archives should be controlled and restricted to designated staff
•    such access should be monitored and registered
•    archives should be managed to ensure that deletion policies are followed
– any communication with consular posts on SIS data must be secure
– the erroneous distribution of data by inappropriately recycling material, including paper should be prevented
– replacement of media should be carried out by competent authorities or designated/screened company
– procedures should be in place for storing and destroying material and/or maintaining a clean desk policy
– electronic archives should provide the best security guarantees including logging of access to and use of the files and audit facilities
– the inclusion of automatic weeding and deletion functions in electronic archives is recommended
– in the case of physical archives, a combination of a magnetic card and a personal code to access the archives, or procedures of comparable security, are thought to be the best
– print-outs in respect of electronic archives should be avoided and in any case destroyed after use

5.8    User access control
– there must be a user registration and de-registration procedure for granting access to the different systems and services

– this procedure must include:
•    using unique user IDs, so that actions of individual users can be accounted for and users can be made responsible for their actions; therefore, the use of group IDs must not be allowed
•    each user must only have the minimum set of access rights needed for the normal execution of their job
•    immediately removing access rights to SIS data whenever the respective users cease to exercise functions that require such access
•    periodically checking that the level of access granted is in accordance with the user
•    periodically checking for, and removing, redundant user IDs and accounts
– the allocation and administration of passwords must be controlled by a formal procedure ensuring that:
•    users are informed and aware of their obligations in respect of their passwords
•    passwords are communicated to users in a safe way
•    users are required to regularly change their passwords and reuse of passwords is
•    passwords are never stored in the computer system without any protection
– a procedure must be established to ensure regular revision of all user access rights
– there should be a system of validation of queries on a sample basis

– the application may include a technical function to automatically close a user account when it has not been used for e.g. two weeks

– the user ID and account can be automatically linked to the personnel status

– a password should be changed every 60 to 90
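
The registration and review checks listed in 5.8, as an added example that is not part of the catalogue: a periodic account review that flags group IDs, rights beyond a role's minimum, accounts whose holder's personnel status has changed, redundant IDs and accounts idle for more than two weeks. The account record layout, role baselines, status values and sample accounts are assumptions constructed for illustration.

```python
"""Periodic review of user accounts against the access-control checks in 5.8."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=14)  # the catalogue's "e.g. two weeks"

# Hypothetical role baselines: the minimum rights each job function needs.
ROLE_BASELINE = {
    "border_guard": frozenset({"query_person", "query_object"}),
    "sirene_operator": frozenset({"query_person", "query_object",
                                  "create_alert", "exchange_forms"}),
}


@dataclass(frozen=True)
class Account:
    user_id: str
    holders: tuple          # personnel numbers of everyone who uses this ID
    role: str
    rights: frozenset
    last_used: datetime
    personnel_status: str   # assumed register values: active / transferred / left


def review(accounts, now):
    """Return sorted (user_id, finding, detail) tuples, one per broken rule."""
    findings = []
    ids_by_holder = defaultdict(list)
    for acc in accounts:
        for holder in acc.holders:
            ids_by_holder[holder].append(acc.user_id)
        # Unique user IDs: an ID with several holders cannot be accounted for.
        if len(acc.holders) != 1:
            findings.append((acc.user_id, "GROUP_ID", f"{len(acc.holders)} holders"))
        # Access must go as soon as the holder stops exercising the function.
        if acc.personnel_status != "active":
            findings.append((acc.user_id, "STATUS", acc.personnel_status))
        # Minimum rights: an unknown role has no baseline, so nothing is justified.
        excess = acc.rights - ROLE_BASELINE.get(acc.role, frozenset())
        if excess:
            findings.append((acc.user_id, "EXCESS_RIGHTS", ",".join(sorted(excess))))
        idle = now - acc.last_used
        if idle > DORMANT_AFTER:
            findings.append((acc.user_id, "DORMANT", f"{idle.days} days idle"))
    # Redundant IDs: every ID beyond the first held by the same person.
    for holder, ids in ids_by_holder.items():
        first, *extra = sorted(ids)
        for uid in extra:
            findings.append((uid, "REDUNDANT_ID", f"holder {holder} also has {first}"))
    return sorted(findings)


# Constructed sample data, not taken from any real system.
NOW = datetime(2009, 4, 30, 8, 0)
GUARD = ROLE_BASELINE["border_guard"]
OPERATOR = ROLE_BASELINE["sirene_operator"]
SAMPLE_ACCOUNTS = [
    Account("u1001", ("P001",), "border_guard", GUARD, datetime(2009, 4, 29, 16, 0), "active"),
    Account("u1002", ("P002",), "border_guard", GUARD | {"create_alert"},
            datetime(2009, 4, 28, 9, 0), "active"),
    Account("desk07", ("P003", "P004"), "border_guard", GUARD,
            datetime(2009, 4, 30, 7, 0), "active"),
    Account("u1005", ("P005",), "sirene_operator", OPERATOR,
            datetime(2009, 4, 10, 8, 0), "left"),
    Account("u1006", ("P006",), "sirene_operator", OPERATOR,
            datetime(2009, 4, 29, 12, 0), "active"),
    Account("u1016", ("P006",), "sirene_operator", OPERATOR,
            datetime(2009, 4, 27, 12, 0), "active"),
]

if __name__ == "__main__":
    for user_id, finding, detail in review(SAMPLE_ACCOUNTS, NOW):
        print(f"{user_id:8} {finding:14} {detail}")
```
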

5.9    Monitoring system access and use
– the national use of the Schengen IT systems must be monitored in order to ensure detection of unauthorised activities

– the transmission of personal data shall be recorded in accordance with Art. 103 of the Schengen Convention

– a log of the user’s log-on and, as far as possible, log-off, attempts to connect or failed connections, and attempts at unauthorised use of data should be kept for the period as set out in Art. 103 of the Schengen Convention

– the data recorded should include user ID, date and hour of the incident and, if possible, the identity and location of the terminal
– logs and audit trails in respect of SIRENE files should be pro-actively monitored and retained in accordance with national law
– electronic workflow/case management systems provide the best means of ensuring that every action taken on a SIRENE file is logged and

5.10    Development and maintenance
– to minimise the risk of damage to operational systems, security control measures must be established for data and programs

– it should be ensured, for example, that the updating of operational systems, including program libraries, is only carried out with prior approval
– before approval is granted, it has to be ensured that the update has been tested and documented satisfactorily

– a test system must be available separately from the production environment, so that changes can be tested before they are made operational and no test data are introduced in the operational system
– any use of real SIS data for testing purposes shall be avoided

5.11    Emergency planning
– each Schengen State must establish and implement suitable emergency planning measures, taking account, for example, of the following situations:
•    N.SIS or network inaccessibility is noted
•    some or all users are unable to search SIS data due to problems in the national IT infrastructure

– the emergency plans have to be based on a risk assessment of the threats that may lead to inability to access the system and the impact of the threats on the other Schengen States

– emergency plans must, at a minimum, include the following:

•    criteria for implementing the plans and measures to be taken immediately to assess the situation
•    escalation procedures, in accordance with the procedures agreed upon for the Schengen States, with a view to informing the national management authorities, C.SIS and other Schengen States
•    emergency procedures describing the measures to be taken after an incident that interferes with access to the system
•    fallback procedures describing the measures to be taken to shift essential N.SIS operations to alternative temporary servers
•    system restore procedures describing the measures to be taken to restore normal operation
– emergency plans must be updated and staff routines tested regularly

5.12    Control
– procedures have to be established which ensure ongoing control of compliance with the applicable European and national legislation as well as administrative rules
– regular security audits should be carried out by persons external to the IT department


