In relation to IT security, the Directorate-General for Human Resources and Security has the following responsibilities. It shall:

1. (1)

   assure alignment between the IT security policy and the Commission's information security policy;

2. (2)

   establish a framework for the authorisation of the use of encrypting technologies for the storage and communication of information by CISs;

3. (3)

   inform the Directorate-General for Informatics about specific threats which could have a significant impact on the security of CISs and the data sets that they process;

4. (4)

   perform IT security inspections to assess the compliance of the Commission's CISs with the security policy, and report the results to the ISSB;

5. (5)

   establish a framework for the authorisation of access and the associated appropriate security rules to Commission CISs from external networks and develop the related IT security standards and guidelines in close cooperation with the Directorate-General for Informatics;

6. (6)

   propose principles and rules for the outsourcing of CISs in order to maintain appropriate control of security of the information;

7. (7)

   develop the related IT security standards and guidelines in relation to Article 6, in close cooperation with the Directorate-General for Informatics.

The processes related to these responsibilities and activities shall be further detailed in implementing rules.