Online collection system certification

The Supervisory Committee of Digital Security is a competent national authority. One of its tasks is to assess whether the online collection system to be used for collecting notifications on a European Citizens' Initiative complies with all the security and technical requirements set out in Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 16 February 2011. 211/2011 on the citizens' initiative and Commission Implementing Regulation no. 1179/2011 laying down technical specifications for online collection systems. If the online collection system meets all the specified requirements, the Supervisory Committee of Digital Security will issue a certificate of compliance.

CERTIFICATION PROCESS

In order to start the certification process, the organizers of a European Citizens' Initiative must submit a completed application form to the Supervisory Committee of Digital Security, accompanied by documentation and evidence of the compliance of the online collection system information system with its requirements, including:

• an analysis of the risks of an on-line system of information for the entire collection, including at least the following: information technologies, operating system, service configuration, infrastructure security, backup copies, information system log files (systemlog), security controls, system monitoring and incident response;
• a detailed conformity assessment carried out to assess the security of the online collection system with regard to the Technical Specification and Standard ISOIEC 27001;
• a detailed assessment and analysis of vulnerabilities in the collecting online system, conducted on the basis of the principle of the white box (white-boxblack-box), with a view to simulating the intrusion of the internal/external attacker;
• it is recommended that an intrusion test be performed to assess how vulnerabilities can be used and identify potential intruders. The intrusion test must provide solutions to address these vulnerabilities in order to achieve a secure system;
• if the organiser is not a provider of an online collection system or of all its elements, a certified copy of the contract with a collecting online system enforcer stating clearly that the service and infrastructure security it provides complies with the requirements laid down in the Citizens' Initiative Regulation and in Commission Implementing Regulation No 11792011;
• a copy of the exit code for the European Citizens' Initiative collection online system.

A detailed list of safety and technical parameters can be found in Commission Implementing Regulation No 11792011 and it is possible for the organisers of the initiative to use the online collection system certification requirements verification page to make it easier to verify that all the technical requirements contained in the Implementing Regulation have been implemented.

TYPES OF APPLICATION

• In person (K.Valdemāra iela 10/12, Riga, LV-1473, by arranging an appointment via e-mail submission);
• E-mail (by sending an application signed with a secure electronic signature to an e-mail address eiuk@mod.gov.lv)

After receiving and registering all the necessary information, the Supervisory Committee of Digital Security shall, within one month, carry out its assessment and, in the event of compliance, issue a certificate.