EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 32017D0046R(01)

Corrigendum to Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission (OJ L 6, 11.1.2017)

C/2017/4924

OJ L 261, 11.10.2017, p. 31–33 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, FI)
OJ L 261, 11.10.2017, p. 31–34 (SL, SV)
OJ L 261, 11.10.2017, p. 31–35 (HR)

ELI: http://data.europa.eu/eli/dec/2017/46/corrigendum/2017-10-11/oj

11.10.2017   

EN

Official Journal of the European Union

L 261/31


Corrigendum to Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission

( Official Journal of the European Union L 6 of 11 January 2017 )

On page 44, in Article 3, the final sentence:

for:

‘The processes related to these principles and activities shall be further detailed in implementing rules.’

read:

‘8.   The processes related to the principles and activities set out in paragraphs 1 to 7 shall be detailed further in implementing rules in accordance with Article 13.’

On page 45, in Article 5, the final sentence:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘8.   The processes related to the responsibilities and activities set out in paragraphs 1 to 7 shall be detailed further in implementing rules in accordance with Article 13.’

On page 45, in Article 6, point (7):

for:

‘(7)

develop the related IT security standards and guidelines in relation to Article 6, in close cooperation with the Directorate-General for Informatics.’

read:

‘(7)

develop the related IT security standards and guidelines set out in points (1) to (6), in close cooperation with the Directorate-General for Informatics.’

On page 45, in Article 6, the final sentence:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘(8)

The processes related to the responsibilities and activities set out in points (1) to (7) shall be detailed further in implementing rules in accordance with Article 13.’

On page 46, in Article 7, the final sentence:

for:

‘The related processes and more detailed responsibilities shall be further defined in implementing rules’

read:

‘(15)

The processes related to the responsibilities and activities set out in points (1) to (14) shall be detailed further in implementing rules in accordance with Article 13.’

On page 46, in Article 8, the final sentence:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘(11)

The processes related to the responsibilities and activities set out in points (1) to (10) shall be detailed further in implementing rules in accordance with Article 13.’

On page 47, in Article 9(3), the second subparagraph:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘4.   The processes related to the responsibilities and activities set out in paragraphs 1 to 3 shall be detailed further in implementing rules in accordance with Article 13.’

On page 48, in Article 10(3), the second subparagraph:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘4.   The processes related to the responsibilities and activities set out in paragraphs 1 to 3 shall be detailed further in implementing rules in accordance with Article 13.’

On page 48, in Article 11:

for:

‘In relation to IT security, the LISO shall:

(a)

proactively identify and inform system owners, data owners and other roles with IT security responsibilities in Commission department(s) about the IT security policy;

(b)

liaise on IT-security-related issues in Commission department(s) with the Directorate-General for Informatics as part of the LISO network;

(c)

attend the regular LISO meetings;

(d)

maintain an overview of the information security risk management process and of the development and implementation of information system security plans;

(e)

advise data owners, system owners and heads of Commission departments on IT-security-related issues;

(f)

cooperate with the Directorate-General for Informatics in disseminating good IT security practices and propose specific awareness-raising and training programmes;

(g)

report on IT security, identify shortfalls and improvements to the Head of the Commission department(s).

The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘1.   In relation to IT security, the LISO shall:

(a)

proactively identify and inform system owners, data owners and other roles with IT security responsibilities in Commission department(s) about the IT security policy;

(b)

liaise on IT-security-related issues in Commission department(s) with the Directorate-General for Informatics as part of the LISO network;

(c)

attend the regular LISO meetings;

(d)

maintain an overview of the information security risk management process and of the development and implementation of information system security plans;

(e)

advise data owners, system owners and heads of Commission departments on IT-security-related issues;

(f)

cooperate with the Directorate-General for Informatics in disseminating good IT security practices and propose specific awareness-raising and training programmes;

(g)

report on IT security, identify shortfalls and improvements to the Head of the Commission department(s).

2.   The processes related to the responsibilities and activities set out in paragraph 1 shall be detailed further in implementing rules in accordance with Article 13.’

On page 48, in Article 12(2), the second subparagraph:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘3.   The processes related to the responsibilities and activities set out in paragraphs 1 and 2 shall be detailed further in implementing rules in accordance with Article 13.’

On page 49, in Article 13(1):

for:

‘The adoption of the implementing rules on Article 6, and of the related standards and guidelines, will be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for security matters’

read:

‘The adoption of the implementing rules referred to in point (2) of Article 6 and of related standards and guidelines may be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for security matters.’

On page 49, in Article 13(2):

for:

‘The adoption of all other implementing rules in relation to this decision, and of the related IT security standards and guidelines, will be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for informatics.’

read:

‘The adoption of all other implementing rules in relation to this decision, and of the related IT security standards and guidelines, may be subject to an empowerment decision by the Commission in favour of the Member of the Commission responsible for informatics.’

On page 49, in Article 14(5), the second subparagraph:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘6.   The processes related to the responsibilities and activities set out in paragraphs 1 to 5 shall be detailed further in implementing rules in accordance with Article 13.’

On page 50, in Article 15(14), the second subparagraph:

for:

‘The processes related to these responsibilities and activities shall be further detailed in implementing rules.’

read:

‘15.   The processes related to the responsibilities and activities set out in paragraphs 1 to 14 shall be detailed further in implementing rules in accordance with Article 13.’


Top