Instructions for Handling Nato and Eu Classified Information
Total Page:16
File Type:pdf, Size:1020Kb
Pursuant to Article 43b of the Classified Information Act (Official Gazette of the Republic of Slovenia, No. 50/06 – official consolidated text) the Government Office for the Protection of Classified Information hereby issues
INSTRUCTIONS FOR HANDLING NATO AND EU CLASSIFIED INFORMATION
GENERAL PROVISIONS
Article 1
These Instructions summarise provisions contained in international treaties concluded by the Republic of Slovenia (hereinafter referred to as RS) with NATO and the European Union (hereinafter referred to as EU), provisions of the Classified Information Act (Official Gazette of the Republic of Slovenia, No. 50/06 – official consolidated text) and regulations issued on the basis of the Act, as well as other regulations governing document management and applied in connection with procedures related to the handling of NATO or EU classified information (hereinafter referred to as classified information): Receiving and opening mail containing classified information; Recording of classified information; Reproduction of classified information; Transmission and distribution of classified information; Storage and archiving of classified information; Destruction of classified information.
Article 2
Handling of classified information is regulated by the following national, NATO and EU regulations:
1. National regulations concerning classified information and document management: Classified Information Act (Official Gazette of the Republic of Slovenia, No. 50/06 – official consolidated text), Decree on Protection of Classified Information (Official Gazette of the Republic of Slovenia, No. 74/05), Decree on Protection of Classified Information in Communication and Information Systems (Official Gazette of the Republic of Slovenia, No. 48/07), Decree on Administrative Operations (Official Gazette of the Republic of Slovenia, Nos. 20/05, 106/05, 30/06, 86/06, 32/07, 63/07 and 31/08), Rules on the Implementation of the Decree on Administrative Operations (Official Gazette of the Republic of Slovenia, Nos. 75/05 and 47/08), Protection of Documents and Archives and Archival Institutions Act (Official Gazette of the Republic of Slovenia, No. 30/06), Decree on Protection of Documents and Archives (Official Gazette of the Republic of Slovenia, No. 86/06). 2. NATO security policy concerning classified information: NATO Security Policy – document C-M(2002)49-COR3), dated 5 December 2006, Directive on Physical Security – document AC/35-D/2001-REV2), dated 7 January 2008, Directive on the Security of Information – document AC/35-D/2002-REV3), dated 6 December 2006, Primary Directive on INFOSEC – document AC/35-D/2005-REV1), dated 19 October 2006, INFOSEC Management Directive for CIS, AC/35-D/2005-REV1), dated 19 October 2006, ACO Security Directive AD 70-1, Allied Command Operations Courier System, number 15-25), dated 15 May 2007, Act Ratifying the Agreement between the Parties to the North Atlantic Treaty for the Security of Information (Uradni list RS, No. 83/04), Memorandum of Understanding between the Supreme Headquarters Allied Powers Europe (SHAPE) and the Ministry of Defence of the Republic of Slovenia regarding transportation of classified material, signed by the Ministry of Defence on 21 February 2007.
3. EU security policy concerning classified information: Council Decision (2001/264/EC), Commission Decision (2001/844/EC, ECSC, Euratom), Act Ratifying the Security Agreement between the Government of the Republic of Slovenia and the Western European Union (Official Gazette of the Republic of Slovenia, No. 20/99).
Article 3
These instructions shall be followed by the Central Registry, sub-registries and control points (hereinafter referred to as “registries”), as well as agencies, organisations and individuals in agencies and organisations handling classified information.
The provisions of these instructions shall be applied mutatis mutandis for the handling of other foreign classified information, unless otherwise provided in an international treaty concluded by the RS with a foreign state or an international organisation.
Article 4
The comparable levels of classification are: Republic of NATO EU Slovenia INTERNO NATO RESTREINT UE RESTRICTED ZAUPNO NATO CONFIDENTIEL CONFIDENTIAL UE TAJNO NATO SECRET SECRET UE STROGO TAJNO COSMIC TOP TRÈS SECRET SECRET UE/EU TOP SECRET
Article 5
In addition to the terms defined in regulations under the first paragraph of Article 2 hereof, other terms having the following meaning are used in these instructions: 1. Viewing of classified information shall mean any acquaintance with the content of classified information; 2. Distribution of classified information shall mean the dissemination of classified information to registries, agencies, organisations or individuals in agencies and organisations laid down in the distribution list; 3. A distribution list shall be a list of registries, agencies, organisations or individuals in agencies and organisations who are entitled to view an individual item of classified information on a need-to-know basis; 4. Exceptional circumstances are an impending or actual crisis, conflict, or states of war; 5. Reproduction of classified information is any photocopying, scanning, copying, translating of or making extracts from classified information; 6. The NATO registry system comprises the Central Registry, sub-registries and control points for the handling of NATO classified information in the RS; 7. The EU registry system comprises the Central Registry and sub-registries for the handling of classified information in the RS.
Article 6
NATO classified information shall be handled in the RS in compliance with the NATO security policy, and EU classified information in compliance with the EU security policy unless a referral to national legislation is made in the provisions of the NATO or EU security policy.
Article 7
Classified information shall be handled in communication, information and other electronic systems for which a security clearance has been issued concerning their operation in accordance with Article 4 of the Decree on Protection of Classified Information in Communication and Information Systems and taking into consideration the regulation on working procedures in the system, unless otherwise provided by an international treaty signed between the RS and a foreign state or an international organisation.
RECEIVING AND OPENING MAIL CONTAINING CLASSIFIED INFORMATION
Article 8
Classified information may be received: 1. in physical form (paper, film, etc.); 2. in electronic form on an electronic data storage medium (USB, CD, floppy disk, etc.); 3. in electronic form electronically.
Article 9
Each agency shall determine where classified information shall be received (point of receipt) and who shall receive it.
A person who is authorised to receive classified information in physical form and in electronic form on an electronic data storage medium shall confirm receipt of classified information by making an entry in a delivery log or a courier log, or by making an entry in another document intended for that purpose (service form, return receipt, etc.).
Classified information received in electronic form electronically shall be handled in accordance with the regulation laid down in Article 7 hereof.
Article 10
Mail containing classified information in physical form and electronic form on an electronic data storage medium shall be opened and recorded by a person authorised to do so.
The authorised person referred to in the preceding paragraph shall not open a consignment addressed to a civil servant with a declaration on the envelope stating that it must be delivered to the addressee in person. In this case, classified information shall be delivered to the addressee unopened, and the eligible recipient shall submit to the authorised person the information required for the record.
Article 11
On every document received, containing classified information, the authorised person referred to in the preceding Article shall put a receipt stamp, as a rule in the upper right corner of the first page of the document so that it does not obscure the text. If there is no space for a receipt stamp on the first page of the document, or if an electronic data storage medium containing classified information is inappropriate for a receipt stamp, the stamp shall be put on a piece of paper, which shall be stuck on the electronic data storage medium or enclosed with it.
RECORDING OF CLASSIFIED INFORMATION
Article 12
The following information at least on the document shall be recorded: the record number of documents received, reference number and the date, date of receipt, level of classification, designation of the organisational unit or post of the employee who will be acquainted with the classified information, number of enclosures, place of storage, date of destruction.
Classified information must be recorded in a way that ensures that individual entries in the record do not reflect the content of the classified information.
Article 13
Agencies and organisations handling information classified SECRET or TOP SECRET shall keep a list of views of the classified information (hereinafter: the list of views) containing: number, date, level of classification, copy number of the document, name and surname of the person who has been acquainted with classified information, date and time of individual acquaintance with classified information, method of acquaintance with classified information, signature of the person who becomes acquainted with the content of classified information.
The list of views shall be stored together with each medium containing classified information marked SECRET or TOP SECRET.
The list of views shall not be marked with a classification level.
A sample of a list of views of classified information is provided in Annex 1 of these Instructions.
REPRODUCTION OF CLASSIFIED INFORMATION
Article 14
Information classified TOP SECRET may not be reproduced unless, due to exceptional circumstances, the reproduction of NATO information classified COSMIC TOP SECRET is approved by the security officer.
Additional copies of information classified TOP SECRET may be made by the originating agency.
Article 15
Information classified CONFIDENTIAL or SECRET may only be reproduced in the competent registry that has received the classified information. Information classified RESTRICTED may only be reproduced in the administrative area.
Classified information referred to in the first and second paragraph of this Article may only be reproduced on the basis of an office order issued by the head of the recipient agency or by a person authorised to do so by the head.
Classified information may be reproduced if it does not contain a notice from the originating agency, prohibiting further reproduction of classified information.
A copy of classified information shall be treated in the same manner as the original.
A copy of classified information shall indicate the document or part of the document from which the copy originates (number, date and page number of the document containing the classified information).
A copy of classified information or of an item of classified information shall have the same classification marking as the original and a marking indicating that it is a copy, which shall be indicated by the word COPY and the serial number of the copy written on the right side of the first page at the same height as the security classification marking. An additional copy of classified information in electronic form shall have the same markings if it is in the form of a physical copy.
If classified information is reproduced, the person who receives the copy shall also be recorded.
Article 16
Documents in electronic form on an electronic data storage medium may be reproduced by the registry in accordance with the preceding Article hereof, provided that the registry has appropriate information equipment, which is in compliance with regulations governing information security.
Article 17
When classified information is translated into a language other than that of the classified information, the translation shall bear all the classification markings and registration numbers of the original classified information.
Translation of classified information, except NATO information classified COSMIC TOP SECRET, shall be ordered by the head, or a person authorised by the head, who shall inform the competent registry of this.
The translation of NATO information classified COSMIC TOP SECRET shall exceptionally be ordered by the security officer, who shall inform the originating agency of this.
The translation of a document containing classified information shall be enclosed with the original. TRANSMISSION AND DISTRIBUTION OF CLASSIFIED INFORMATION
Article 18
Classified information shall be transmitted in a sealed, opaque envelope.
Information classified CONFIDENTIAL and above shall be transmitted in double envelopes. The outer envelope shall be made of heavy-duty, opaque and waterproof material. It shall contain particulars about the addressee and the sender, and the number of the classified information. The markings on the outer envelope may not give any indication that classified information is contained therein. The inner envelope shall bear the appropriate classification marking and shall contain the number of the classified information, information about the addressee and the sender, and other information relevant to security.
In the transmission of information classified CONFIDENTIAL and SECRET outside a security area, the outer envelope may be substituted by a locked or sealed suitcase, box or bag.
In the transmission of information classified TOP SECRET outside a security area, the inner envelope shall be placed in a suitcase, box or bag locked by a key or with a combination setting.
When information classified SECRET and TOP SECRET is transmitted in an administrative or security area, it shall be covered or otherwise obscured so that its contents cannot be seen.
Article 19
On the territory of the Republic of Slovenia, the responsibility for the transmission of NATO classified information shall rest with the military courier service of the Ministry of Defence (hereinafter: MoD). On the territory of the Republic of Slovenia, military couriers shall transmit NATO classified information from the NATO Central Registry at the MoD to the relevant ministries, the Government, government services, the National Assembly of the Republic of Slovenia and other recipients in accordance with Article 3(3-3) of the Memorandum of Understanding between the Supreme Headquarters Allied Powers Europe (SHAPE) and the Ministry of Defence of the Republic of Slovenia regarding transportation of classified material .
At ministries, government services and other recipients of NATO classified information, NATO information classified NATO RESTRICTED may be transmitted by appropriately qualified and security-cleared couriers of ministries, government services and other recipients of NATO classified information.
On the territory of the Republic of Slovenia, in addition to military couriers, NATO classified information may also be transmitted by appropriately qualified and security- cleared couriers in accordance with Article 3(3-1) of the Memorandum of Understanding between the Supreme Headquarters Allied Powers Europe (SHAPE) and the Ministry of Defence of the Republic of Slovenia regarding transportation of classified material.
The international transmission of NATO classified information to the Central Registry shall be within the competence of MoD military couriers in accordance with the Memorandum of Understanding between the Supreme Headquarters Allied Powers Europe (SHAPE) and the Ministry of Defence of the Republic of Slovenia regarding transportation of classified material. Transport of NATO classified information from the Permanent Representation of the Republic of Slovenia to NATO shall be within the competence of military couriers.
By way of exception, a personal transmission of NATO classified information is possible with a courier certificate, on condition that the person has a personnel security clearance for access to NATO classified information of an appropriate classification level.
On the territory of the Republic of Slovenia, EU information classified CONFIDENTIEL UE and above shall be transmitted only by a courier service with appropriately qualified couriers who have been security-cleared.
EU information classified TRÈS SECRET UE may be transmitted only between individual security-accredited registries.
The international transmission of EU information classified CONFIDENTIEL UE and above may only be made through a diplomatic or military courier service.
The National Security Authority may exceptionally authorise personal transmission if diplomatic or military courier service is not available or if the use of such courier service would result in a delay that would be detrimental to EU operations and the material is urgently required by the addressee.
EU information classified RESTREINT UE may also be transmitted by registered post with a return receipt.
Article 20
Information classified SECRET or TOP SECRET may be transmitted outside the registry or any other security area through a route for which a plan of routes and a protection plan for the transmission of classified information have been elaborated.
Article 21
Classified information may be transmitted electronically only in encrypted form and in accordance with regulations governing the handling of classified information in communication, information and other electronic systems accredited by NATO or the EU.
For the needs of other recipients, classified information shall be printed and handled as classified information in physical form. Article 22
Classified information may only be disseminated on the basis of the “need-to-know” principle to persons holding an appropriate personnel security clearance.
If the recipient of classified information does not have an appropriate security area and does not meet the conditions required for handling classified information outside a security area, the recipient shall be acquainted with information classified CONFIDENTIAL or above in the competent registry.
Article 23
The registry’s distribution list shall be defined by the head of the agency or a person authorised by the head to do so or the head of the organisational unit, considering the organisation and area of work of the recipient of classified information.
The registry’s distribution list shall contain at least the following information: the designation of the competent registry that is distributing the classified information; level of classification; the recipient of the classified information.
If the distribution list is drawn up for a specific document containing classified information, it shall also contain the number and date of the document.
Article 24
After the recipient has finished using information classified CONFIDENTIAL or above, the recipient shall return the classified information to the competent registry.
STORAGE AND ARCHIVING OF CLASSIFIED INFORMATION
Article 25
Information classified RESTRICTED shall be stored in an administrative area in office or metal cabinets.
Information classified CONFIDENTIAL and SECRET shall be stored in a security area in security containers complying with at least burglary resistance grade 2 and the SIST EN 1143 standard.
Information classified TOP SECRET shall be stored in a security area in security containers complying with at least burglary resistance grade 3 and the SIST EN 1143 standard.
Depending on the classification level of information stored in a security container, a label of appropriate size shall be attached to the left upper corner of the container, bearing the following capital letter or letters: – R for RESTRICTED level; – S for SECRET level; – TS for TOP SECRET level.
If information of various classification levels is stored in a security container, such a security container shall comply with the requirements for storing information of the highest classification level and shall be marked accordingly.
Article 26
Classified information shall be archived in accordance with regulations governing archiving.
DESTRUCTION OF CLASSIFIED INFORMATION
Article 27
After the expiry of the declared storage period, classified information shall be removed and destroyed.
Classified information that an agency receives for informative purposes or to perform its function or working tasks, and which is no longer needed, shall be removed and specified for destruction not later than after the annual review.
Any extra copies of classified information, including working material pertaining to classified information, shall also be removed.
Classified information shall be destroyed under the supervision of a commission in a way that ensures that the classified information is reduced to an unrecognisable and non-reconstitutable form (shredding to a minimum size of 8.0 mm x 15 mm (strip cut and cross cut), burning, pulping, etc.).
Article 28
In destroying classified information, in addition to measures laid down in regulations governing the handling of documents by public administration bodies, the following steps shall be taken: the head of the agency, or a person authorised by the head, shall appoint a commission consisting of at least three members, which shall be responsible for the destruction of classified information and shall include the person responsible for protecting classified information within the agency; the following information shall be entered in the protocol of destruction of classified information: 1. number 2. date, 3. level of classification, 4. copy number of classified information, if it is a copy, 5. date of destruction, 6. signatures of members of the commission, the originating agency shall be informed in writing of the destruction of information classified TOP SECRET; the list of views shall be enclosed with the protocol of destruction of classified information.
A sample of a protocol of destruction of classified information is provided in Annex 2 of these Instructions.
Article 29
In exceptional circumstances, when classified information cannot be appropriately protected in accordance with regulations governing the protection of classified information and with the agency's protection plan for classified information, it shall be destroyed. Classified information of the highest classification level shall be destroyed first.
FINAL PROVISION
Article 30
The Instructions shall be published on the website of the Government Office for the Protection of Classified Information and shall enter into force on the date following their publication.
No.: 02239-3/2009/28 Ljubljana, 4 June 2009
Milan TARMAN DIRECTOR Annex 1
AGENCY
LIST OF VIEWS OF CLASSIFIED INFORMATION
NUMBER OF THE DOCUMENT:
DATE OF THE DOCUMENT:
LEVEL OF CLASSIFICATION:
COPY NUMBER OF THE DOCUMENT:
Name and Date and time Method of viewing: Signature: surname: of viewing: Annex 2 AGENCY
PROTOCOL OF DESTRUCTION OF CLASSIFIED INFORMATION
We, the undersigned members of the commission for the destruction of classified information:
1. ______
2. ______
3. ______hereby confirm that the following NATO/EU (please circle as appropriate) classified information has been destroyed:
Number of the Date of the Level of Copy No. document document: classification
Date of destruction:
Signatures:
1. ______
2. ______
3. ______