CHAPTER 2ORGANISATION AND RESPONSIBILITIES
Article 5Information Security Steering Board (ISSB)
1.
The ISSB shall be chaired by the Deputy Secretary-General responsible for IT security governance in the Commission. Its members shall represent business, technology and security interests across the Commission departments and include representatives of the Directorate-General for Informatics, the Directorate-General for Human Resources and Security, the Directorate-General for Budget, and, on a 2-year rotating basis, representatives of four other Commission departments involved where IT security is a major concern for their operations. Membership is at senior management level.
2.
The ISSB shall support the Corporate Management Board in its IT-security-related tasks. The ISSB shall take the operational responsibility for the governance of IT security as a whole within the Commission.
3.
The ISSB shall recommend the Commission's IT security policy for adoption by the Commission.
4.
The ISSB shall review and report biannually to the Corporate Management Board on governance matters as well as on IT-security-related issues, including serious IT security incidents.
5.
The ISSB shall monitor and review the overall implementation of this decision and report on it to the Corporate Management Board.
6.
On the proposal of the Directorate-General for Informatics, the ISSB shall review, approve and monitor the implementation of the rolling IT security strategy. The ISSB shall report on it to the Corporate Management Board.
7.
The ISSB shall monitor, evaluate and control the corporate information risk treatment landscape and shall have the power to issue formal requirements for improvements wherever necessary.
The processes related to these responsibilities and activities shall be further detailed in implementing rules.