Commission Regulation (EC) No 2216/2004 (repealed)Dangos y teitl llawn

CHAPTER VISECURITY STANDARDS, AUTHENTICATION AND ACCESS RIGHTS

Article 64Security standards

1.Each registry shall comply with the security standards set out in Annex XV.

2.The Community independent transaction log shall comply with the security standards set out in Annex XV.

Article 65Authentication

The Member States and the Community shall use the digital certificates issued by the Secretariat to the UNFCCC, or an entity designated by it, to authenticate their registries and the Community independent transaction log to the UNFCCC independent transaction log.

However, from 1 January 2005 until the communication link between the Community independent transaction log and UNFCCC independent transaction log is established, the identity of each registry and the Community independent transaction log shall be authenticated using digital certificates and usernames and passwords as specified in Annex XV. The Commission, or an entity designated by it, shall act as the certification authority for all digital certificates and shall distribute the usernames and passwords.

Article 66Access to registries

1.An authorised representative shall only have access to the accounts within a registry which he is authorised to access or be able to request the initiation of processes which he is authorised to request pursuant to Article 23. This access or these requests shall take place through a secure area of the website for that registry.

The registry administrator shall issue each authorised representative with a username and password to permit the level of access to accounts or processes to which he is authorised. Registry administrators may apply additional security requirements at their discretion if they are compatible with the provisions of this Regulation.

2.The registry administrator may assume that a user who has entered a matching username and password is the authorised representative registered under that username and password, until such point that the authorised representative informs the registry administrator that the security of his password has been compromised and requests a replacement. The registry administrator shall promptly issue such replacement passwords.

3.The registry administrator shall ensure that the secure area of the registry website is accessible to any computer using a widely available Internet browser. Communications between the authorised representatives and the secure area of the registry website shall be encrypted in accordance with the security standards in Annex XV.

4.The registry administrator shall take all necessary steps to ensure that unauthorised access to the secure area of the registry website does not occur.

Article 67Suspension of access to accounts

1.The Central Administrator and each registry administrator may only suspend an authorised representative’s password to any accounts or processes to which he would otherwise have access if the authorised representative has, or that administrator has reasonable grounds to believe the authorised representative has:

(a)attempted to access accounts or processes which he is not authorised to access;

(b)repeatedly attempted to access an account or a process using a non-matching username and password; or

(c)attempted, or is attempting, to undermine the security of the registry or the registries system.

2.Where access to an operator holding account has been suspended pursuant to paragraph 1 or pursuant to Article 69 between 28 April and 30 April in any year from 2006 onwards, the registry administrator shall, if so requested by the account holder and following submission of his authorised representative's identity by means of supporting evidence, surrender the number of allowances and use the number of CERs and ERUs specified by the account holder in accordance with the allowance surrender process set out in Article 52 and 53 and Annex IX.