Key Benefits:
Law on preventive security service (security law). |
| Date | LAW-1998-03-20-10 |
| Ministry of | Ministry of Defense |
| Last modified | LAW-2015 -06-19-65 from 01.10.2015 |
| Published | Avd In 1998 No. 5 |
| Istrontrecation | 01.07.2001 |
| Changing | |
| Announcement | |
| Card title | Safety Act |
The purpose of this law is to
| a. | put the conditions to appropriate for effective being able to counter threats to the national independence and security and other vital national security interests, |
| b. | protect the individual's legal security, and |
| c. | Safe trust and simplify the basis of control with preventive security service. |
The law applies to the management of management organs. As the management organ is considered in the law any organ for state or municipality. The king can in doubt be able to determine whether an organ is to be reckoned as the management organ. The king can also determine that a management organ hero or partly should be exempt from the law when there are very special reasons for it, and can then instead determine the shonest rules.
The law also applies to any court subject that is not the management of the agency and which is provider of goods or services to a management organ in connection with a safety-graded acquisition.
The king can decide that the law completely or partly also shall apply to any other judicial subject, herding individuals, organisations, and private and public nutrition,
| a. | as an owner or otherwise has control over or leads supervision of screen-worthy object, or |
| b. | which of a management organ is granted access to safety-classified information. |
The law applies to the courts with the special rules that follow the regulations of security clearance and authority in and in the co-chair of the sentencing law and the sentencing process law. The king can determine further particular rules.
The law does not apply to Parliament, the National Assembly, the Parliament of Parliament for the administration and other organs of the Parliament.
The law applies to Svalbard and Jan Mayen in the extent that the King decides.
| 0 | Endres by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
In this law understood by :
| 1. | Preventative Safety Service ; planning, facilitation, review and control of preventive security measures that seek to remove or reduce risk as a result of security strugging business. |
| 2. | Safety-struting business ; preparation for, attempted and review of espionage, sabotage or acts of terrorism, as well as complicity of such business. |
| 3. | Espionage ; gathering of information by means of covered funds in the intelligence-wise purpose. |
| 4. | Sabotage ; intentional destruction, paralysis, or operating stop of equipment, materials, facilities or activity, or intentional deflation of people, performed by or for a foreign state, organization or grouping. |
| 5. | Terrorist actions ; illegal use of, or threat of use, force or violence against persons or property, in an effort to put pressure on the country's government or population or society by the way of achieving political, religious or ideological goals. |
| 6. | Reality ; a management organ or other court subject to which the law applies, jfr Section 2. |
| 7. | Information ; any form of information in material or immaterial form. |
| 8. | Screen worthy of information ; information to be marked with the security degree by the rules of Section 11 of the Act here. |
| 9. | Safety classified information ; information marked with the security degree in accordance with the rules of Section 11 of the Act here. |
| 10. | Information System ; an organized collection of peripheral equities, software, computers and communication nets that link them together. |
| 11. | Monitoring ; tapping of speech or capture of electronic signals that were communicated in or between information systems. |
| 12. | Screen worthy of object ; property that must be protected from security-throttling business of respect to the national or Allied security or other vital national security interests. |
| 13. | The property ; areas, buildings, facilities, transport funds or other materials, or parts of such property. |
| 14. | Object owner ; business or person who owns or otherwise advises over screen-worthy object. |
| 15. | Function / capability ; production, supply, communication or other rightfully use or activity associated with a property. |
| 16. | The Responsibility Authority ; a management organ that has intends to acquire, or has obtained, goods or services from the court subject that is not the management of the agency. |
| 17. | Safety-graded acquisition ; acquisition, made by the acquisition authority, which implies that the provider of the commodity or service will be able to access screen-worthy information or object, or that implies that the acquisition must safety grav for other causes. |
| 18. | Personnel control ; acquisition of relevant information to assessment of security clearance. |
| 19. | The security clearance ; decision, made by the trust authority and built on personal control, about a person's perceived security figure for the stated security degree. |
| 20. | The Authority ; decision, made by authority responsible, that a person after prerequisite security clearance (with the exception of access to information security graded RESTRICSET), judgment of knowledge of safety regulations, earnings needs as well as sworn in written secrecy, access to information with the stated security degree is provided. |
Claims in or in co-compliance of the law here that the announcement or other should be in writing, is not an obstacle to the use of electronic communications, provided that this will not be contrary to regulations given in or in co-law of the Section of the Section 11-14.
| 0 | Modified by laws 21 des 2001 # 117 (ikr. 1 jan 2002 ifg. res. 21 des 2001 # 1475), 11 apr 2008 number 9 (ikr. 1 jan 2011 ifg. res. 22 oct 2010 # 1361). Endres by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
The Ministry has the parent responsibility of preventive security service. This does not limit the individual's liability and duties after the provisions of or in the co-hold of the law here.
The department's executive functions are taking care of the National Security Authority of National Security.
Any business duties to exercise preventive security service in accordance with the provisions given in or in the co-hold of the law here.
The business is
| a. | devise internal instruction to safeguard security, |
| b. | ensure that enterprise employees and engage will receive adequate training in security questions, and |
| c. | regularly check the security of the population in business. |
The responsibility of the responsibility rests the leader of the business. If executive functions are delegated internally in the business, this shall be made in writing.
All employed or engaged personnel have in their work or mission for business responsibility to safeguard security concerns, and duties to contribute to preventive security service.
Specifically, regulations are provided by the National Security Authority.
| 0 | Added by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
When the exercise of preventive security service after or in the co-hold of the law here overhanded to the accountability of the liability, it shall not be enjoyed more enpoignant funds and methods than it that would appear as necessary in relation to the appropriate security risk and circumstances of the otherwise.
At the outset of preventive security service, it shall be especially taken into consideration of the individual's legal security.
The use of electronic communications by the subdirection of a ordinance is only permitted when the ordinance correctable against expressly has accepted this.
| 0 | Modified by law 21 des 2001 # 117 (ikr. 1 jan 2002 ifg. res. 21 des 2001 # 1475). |
The king gives regulations on nationwide, regional and local cooperation on preventive security service.
National security authority is to coordinate the preventive security measures and control the security of the population. National security authority is also executive organ in the relationship with other countries and international organizations.
Part Article SECTION 9. Closer to the tasksNational security authority is to
| a. | acquire and assess information of significance for the completion of preventive security service, |
| b. | seek international cooperation, herders with other countries and organizers of equivalent services, when this serves Norwegian interests, |
| c. | conduct supervision of the security of the population in enterprises, herunder control that the individual's duties in or in the co-hold of the law here be overheld, and optionally give the order of improvements, |
| d. | contribute to the safety of security measures, herunder committing research and development on areas of importance for preventive security service, |
| e. | provide information, advice and guidance to enterprises, and |
| f. | By the way, they carry out tasks that are set forth by the provisions of the Act of the Act here. |
The king can provide further provisions on the National Security Intelligence Practice of the tasks.
| 0 | Endres by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
As far as it is necessary to conduct the control tasks in or in the co-operation of the Act here, the National Security Authority shall be given unhindered access to any area where screen-worthy information or object is located, if the area is owned, used or otherwise controlled by a business.
| 0 | Added by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
When information needs to be protected for security reasons, one of the following security degrees shall be used :
| a. | STRENGT HEMMELY is enjoyed if it can get absolutely decisive damage follows for Norway's or its Allied security, the relationship of foreign powers or other vital national security interests if the information is known to be unauthorized. |
| b. | HEMMELY is enjoyed if serious harm can damage Norway's or its Allied security, the relationship of foreign powers or other vital national security interests if the information is known to be compromised. |
| c. | KONFIDENSIELT has been enjoyed if it can damage Norway's or its Allied security, the relationship of foreign powers or other vital national security interests if the information is known to be unauthorized. |
| d. | RESTRICSET enjoyed if it to any extent can result in damage follows for Norway's or its Allied security, the relationship of foreign powers or other vital national security interests if the information is known to be unauthorized. |
The issuer or otherwise attributed to screen-worthy information shall ensure that the information is marked with the appropriate safety degree. Safety gradient should not happen in greater extent than strictly necessary, and it shall not be used higher security degree than necessary.
Security gradient shall not be given effect for longer than what is strictly necessary, and the gradient shall be at no later than fall after 30 years. Closer to rules about down-and degrading is provided by the King. The king can for particularly separate cases determine exceptions from the 30-year rule in the first period.
The king can under the premise of reciprocity meeting agreement with foreign state or international organization of security gradient of received information security classified by the person state or international organization, and about duty to hit measures to ensure such information.
Anyone who can access security classified information as clause of work, mission or employment for a business, duties to prevent unauthorized people from being able to get knowledge of the information. Tausheme's duties also apply after the person has concluded the work, the mission or enlisted. Security classified information should only be left to be left to people who have service needs access to it. Tausheme's duties are still not to the obstacle that safety-graded information is given to others when this has special home law in law or in general regulation determined by the King.
The king gives closer rules about the handling of safety-graded information, therunder about journalism, retention, shipment, and destruction. The king can also give rules about duty to lay conditions to appropriate for safety-graded information is correct, full and available.
Before screen-worthy information is processed, stored or transported in an information system shall be of national security authority, or the National Security Authority of the National Security Authority, approve the system for the current security degree.
National security authority is the certification authority for information systems to handle screen-worthy information.
National security authority can approve that other enterprises carry out services for safeguards of information systems to handle screen-worthy information.
National security authority provides closer regulations on security-wise approval of information systems.
| 0 | Added by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
Only crypto systems approved by the National Security Authority are permitted used for the protection of screen-worthy information.
National security authority is national trustee of crypto materials and supplier of crypto security services to enterprises. National security authority can still approve other providers of crypto security services. These are supposed to sign a special agreement on this with National Security Authority.
National security authority is to approve the crypto algorithm used in equipment that were exported.
Specifically, regulations are determined by the National Security Authority.
A business can provide National Security Authority access through the monitors to control whether information systems in the person's business store, processing, or transport screen-worthy information without their approval for this. The company's employees should in advance have been briefed on the control. Monitoring shall not in any case include private communication or communication being conveyed to or from other than businesses.
A business can provide National Security Authority access to attempt and optionally conduct the breach in information systems that store, processing, or transport screen-worthy information, to control the resistance force in the systems. The company's employees should in advance have been briefed on the control.
Information that National Security authority is recognized by the control business after the first and other clause shall be shredded when it no longer has meaning for the control.
The king provides closer regulations, herduring notification and review of the monitoring and intrusion and about retention and maturation of information.
National security authority, or the National Security Authority of government, can conduct investigations of premises, buildings and other objects owned, used or otherwise controlled by a business, in the intent to determine whether unauthorized with or without technical aids can acquire access to screen-worthy information through the titleting, wiretapping of speech or capture of electronic signals.
The king provides closer regulations on the completion of technical security investigations.
| 0 | The headline changed by law 19 June 2015 # 65 (ikr. 1 oct 2015). |
Each ministry point out screen-worthy objects within its government area. Object owner duties to the ministry to suggest which objects are screen-worthy. Expedition of screen-worthy object should happen on the basis of a damage assessment, where it within the purposes of the law particularly taken into consideration the object's :
| a) | meaning of security policy crisis management and defense of the realm, |
| b) | meaning of critical functions for civil society, |
| c) | symbol value, and |
| d) | opportunity to pose a danger to the environment or population of life and health. |
In the damage assessment, it shall also be taken into account the acceptable time period of function failure, the ability to restore functionality, and regard to the object's significance for other objects.
The king can provide filler regulations on the selection of screen-worthy objects.
| 0 | Modified by law 11 apr 2008 number 9 (ikr. 1 jan 2011 ifg. res. 22 oct 2010 # 1361). |
When screen-worthy objects must be protected for security reasons, one of the following classification degrees is to be used :
| a) | MEGET KRITISK's innovation if it can get absolutely crucial damage follows for the national independence and security and other vital national security interests whether the object is given reduced functionality or is exposed to damage, destruction or judicial takeover of unauthorized |
| b) | KRITISK is enjoyed if serious could damage the national independence and security and other vital national security interests whether the object is given reduced functionality or is exposed to damage, destruction, or judicial takeover of unauthorized. |
| c) | IMPORTANT is enjoyed if it can damage the national independence and security and other vital national security interests whether the object is given reduced functionality or is exposed to damage, destruction, or judicial takeover of unauthorized persons. |
The king can provide filler regulations on classification of screen-worthy objects.
| 0 | Added by law 11 apr 2008 number 9 (ikr. 1 jan 2011 ifg. res. 22 oct 2010 # 1361). |
Object owner duties to protect the object of security measures.
The security measures should consist of a combination of barriers, desection, verification and reaction, which in sum satisfy the following requirements :
| a) | Object classified MEGET KRITISK is to be protected so that loss of function, destruction and judicial takeover are averted. |
| b) | Object classified KRITISK should be protected so that loss of function and destruction is limited, and the judicial takeover of essential functions deflection. |
| c) | Object classified IMPORTANT should be protected so that loss of significantly function and destruction is limited. |
The security measures should also take aim at reducing the possibility of intelligence activity against the object.
The king can determine that the required security clearance is required by the rules of Chapter 6 for the one to be granted access to screen-worthy object classified MEGET KRITISK or KRITISK.
The king can provide further provisions on planning and review of security measures, herunder the use of fuse forces.
| 0 | Added by law 11 apr 2008 number 9 (ikr. 1 jan 2011 ifg. res. 22 oct 2010 # 1361). |
The king can under the premise of reciprocity meeting agreement with foreign state or international organisation on duty to hit measures to protect foreign objects in Norway that are considered screen-worthy of the person state or organization.
King can of defense concerns ban unauthorized access to
| a) | defense buildings and facilities where objects of interest in the national defense are protested, istantro or retained, |
| b) | specific angiental areas, and |
| c) | to witness military exercises or trials. |
| 0 | Added by law 19 June 2015 # 65 (ikr. 1 oct 2015). |
Person to be granted access to screen-worthy information shall be authorized.
Person to be authorized for access to screen-worthy information classified KONFIDENSIELT or higher shall be in advance of the security clearance.
Person who in their work will be able to access screen-worthy information classified KONFIDENSIELT or higher, should be cleared if not security measures to remove the risk of access with equitable conduct.
Security clearance is provided for the following national security degrees, optionally also for corresponding security degrees in NATO or other international organization :
| a) | CONFIDENSIELT (optionally NATO CONFIDENTIAL AL/equivalent). |
| b) | HEMMEAL (optionally NATO SECRET/equivalent). |
| c) | STRENGT HEMELY (optionally COSMMIC TOP SECRET/equivalent). |
| 0 | Modified by law 11 apr 2008 number 9 (ikr. 1 jan 2011 ifg. res. 22 oct 2010 # 1361). |
Personality is committed after the request from authorization responsible, unless otherwise determined by the National Security Authority.
PersonControl shall not take place without the authorization of the person to be made aware of and have consented that such control will be made. Personality should always include information provided by the person themselves ; the duties to provide complete information on conditions believed to be of importance for the assessment of safety-wise characters after Section 21.
By security clearance for HEMMELI/equivalent or higher safety degrees, and in other very frank cases, people control can be performed for close-up persons associated with the person by family bond.
By the way, the control shall include information that the trust authority itself sits inside with and capture of relevant public records, jf. fifth clause first period. Regime responsible duties to extradite registry information without obstruction of secrecy. Registry information should be co-shared in writing. The control can also include other sources, herding statements from service sites or workplaces, public authorities or specified or supplementary references. Staff control information shall be granted no-charge to the trust authority.
The king determines which registries are relevant to the person's control. The king also provides regulations on the steps of registry investigations abroad and about the issue of information related to other countries's government's corresponding personal control. Under no circumstances, it shall be obtained, registered or relayed information on political involvement as being retaken by Section 21 other clauses.
Information provided by the trust authority in the context of personal control shall not be used for purposes other than assessment of security clearance. Authorization responsible can still be co-shared such information if this is deemed required for consideration of the security and control of the person.
Security clearance is to be given only or maintained if there is no reasonable doubt about their security form. By decision of security-wise figure, it shall only be placed emphasis on relationships that are relevant to assess their reliability, loyalty and healthy judgment in relation to the treatment of screen-worthy information. Details of the following conditions can be additional :
| a. | Espionage, planning or review of sabotage, assassination or similar, and attempted such business. |
| b. | Straffonly actions or preparation or are encouraged to such. |
| c. | Relationships that can lead to that person themselves or close people connected to the person by family ties, subjected to threats that involve danger of life, health, freedom, or honor with risk of being able to push the person to act in action with security interests. |
| d. | Formation of, or wrongly or neglected to representation about, actual conditions that the person had to understand is of significance for the security clearance. |
| e. | Abuse of alcohol or other drugs. |
| f. | Any disease that on medical grounds is deemed to be able to cause transient or lasting spondation of reliability, loyalty or healthy judgment. |
| g. | Comproctation of screen-worthy information, violations of given safety regulations, the nexus of providing personal information about self, avoidance of giving authority responsible running underdirection of its own relationships of importance for security, nectar of providing the vow of secrecy, the region of the region of not wanting to be bound by the vow of secrecy or the denial of participating in security conversation. |
| h. | Economic conditions that can be tempted to infidelity. |
| in. | Connector of within-or foreign organizations that have illegal purposes, which may threaten the democratic civic order or that consider violence or acts of terrorism as acceptable real means. |
| j. | Missing possibility of the execution of a satisfactory person control. |
| k. | Association of other states. |
| l. | Other conditions that may give reason to fear that they will be able to perform in violation of security interests. |
Political involvement, herunder membership in, sympathy with or activity for legitimate political parties or organizations and other legal civic engagement shall not have meaning for assessment of a person's security figure.
Trust decisions shall be based on a concrete and individual health assessment of the rejuvenating information. The clearance authority shall impose on the trust that the trust issue is as well-lit as possible before decision shall be made. Security call is going to be carried out in which this is not considered obvious unnecessary.
Negative information about near- standing people, jf. Section 20 third joints should only be taken into consideration if it is believed that near-standing conditions will be able to affect their security's presence.
In honest cases, conditions can be set for security clearance.
| 0 | Modified by law 17 June 2005 # 81 (ikr. 1 jan 2006 ifg. res. 21 des 2005 # 1605) |
A foreign national can be given security clearance after an assessment of the home country's security significance and their association with the homeland and Norway.
Closer to rules about the security clearance of foreign state citizens is determined by the King.
| 0 | Modified by law 17 June 2005 # 81 (ikr. 1 jan 2006 ifg. res. 21 des 2005 # 1605) |
Each ministry is the trust authority for personnel within its government area. The Ministry of Justice can in very honest cases delegate the trust authority to underlaid businesses that have a large trust need.
In connection with the security-graded acquisitions made by the person ministry or underlying agency or institution, the Department of Trust is the trust authority for personnel employed with or engaged by the supplier. The Ministry can delegate the authority of the acquisition authority that has been delegated the trust authority after the first clause of the second period.
The king decides who will be the trust authority for the rest of the businesses, herunder for contingency personnel in the county of the county, counties and organs or enterprises with prepared-wise association with these.
The security clearance of foreign nationals can only be provided by the Ministry of Foreign Affairs. Backup for the COSMIC TOP SECRET/equivalent can only be provided by the National Security Authority.
The authority can be given if the authority responsible does not have information that makes it questionable if the person safety is to be trusted. The authority is given normal by the enterprise leader. The authority shall not be given until there is a message of security clearance, with the exception for the cases described in Section 19 third joints, and security conversation is held. National security authority is giving closer rules about authorization and about who is the authority responsible.
| 0 | Endres by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
Back-up and authorized personnel shall keep authorization responsible oriented on conditions believed to be of importance for their security figure.
The progress of information that raises doubts about a security-clearance person's security figure shall be the trust authority to recall or downset the clearance, or suspend the clearance and commit further investigations to clarify the relationship.
Is a security clearance decision recalled, impaired or suspended, due to message of this is sent to the National Security Authority. Authorization responsible shall be notified immediately.
Authority abduction automatically
| a. | when the person resign is the position the authority includes, |
| b. | when the need for authority for other reasons is no longer present, or |
| c. | when the person no longer has adequate security clearance. |
Getting authorization responsible information that gives reason to doubt whether an authorized person can still be deemed security fit, the authorization shall be considered recalled, impaired or suspended. Decision about this should be enriched to the person's trust authority.
National security authority determines overall validity time for security clearance.
The Prevalence Act IV and V do not apply to decisions about security clearance or authorization.
The person who has been assessed security clearance has the right to be made familiar with the result. By negative decision, the person should be urged undercorrected about the result and the details of the clavise adage.
The foundation for a decision shall be given at the same time with the subdirection of the outcome of the trust issue. The person has no requirement for the justification in the extent that justification cannot be given without revealing information as
| a. | is of importance to Norway's or its Allied security, the relationship of foreign powers or other vital national security interests, |
| b. | is of significance for source protection, |
| c. | that of respect to their health or his relationship with people who stands this close must be deemed unadvisable that the person is given knowledge of, |
| d. | concerns technical devices, manufacturing methods, business analyses and enrichment and business secrets otherwise, when they are of such a species that others can take advantage of them in their nutritional business. |
The clearance authority shall in addition of an internal simultaneous justification where all relevant conditions are involved, herunder conditions as mentioned in the third clause.
| 0 | Modified by law 17 June 2005 # 81 (ikr. 1 jan 2006 ifg. res. 21 des 2005 # 1605) |
After the decision of security clearance has been authored, the person who has been assessed the security clearance has been entitled to make himself familiar with the case documents. The person has after the same time right to see autovisual footage of its own security conversation.
The person is not entitled to visibility in the parts of a document that contains information mentioned in Section 25 third clause. The person also does not claim visibility into a document that has been worked out for the internal case preparation of the trust authority or the clageback authority, with the exception of actual information or summary or other work-related by the fact.
At the request, the one that has the claim of visibility is given copy of the document. The review of autovisual footage of security conversation happens at attendance at the trust authority.
| 0 | Added by law 17 June 2005 # 81 (ikr. 1 jan 2006 ifg. res. 21 des 2005 # 1605) |
The Ministry of Defense mentions a group of lawyers to be cleared of the highest level. These are to be used in the cases mentioned in other clauses.
Where the justification is not given, jf. Section 25 third joints, and the clashed deadline has not been run out, the trust authority on the motion of the person assessed has been assessed, making the case documents available to a lawyer appointed for this purpose. The same applies to the refusal of the motion of visibility, jf. Section 25 a second clause first period. The person must have outtried the claviadage regarding denied justification or refusal on the motion of visibility, jf. Section 25 c others laughed, before this right to the use of attorney incomes.
The lawyer shall have access to the case of actual information and the justification that is unknown to the person who has been assessed security clearance. Document which has been worked out for the internal case preparation of the trust authority or the clageback authority, jf. Section 25 a second clause last period shall not be given the lawyer.
The lawyer is supposed to give the person who has been assessed security clearance advice on whether or not the person should complain.
| 0 | Added by law 17 June 2005 # 81 (ikr. 1 jan 2006 ifg. res. 21 des 2005 # 1605) |
The provisions of the Management Act chapter VI apply to the corresponding in trust cases if nothing else follows by this law or regulation on labor security.
Negative decision on security clearance, herding terms and when the trust issue at the earliest can be retaken, could be scratched by that decision corrects against. The same applies to denied justification and refusal on the motion of visibility.
Commaking on decision whether security clearance is sent the trust authority. National security authority is clampdown. The Ministry of Justice is clampdown for trust decisions struck by the National Security Authority in the first agency.
The deadline for complaint is three weeks from the day subdirection of the decision, missing rejections or refusal on the motion of visibility has come forward to the person. If it clages on denied justification or refusal on the motion of visibility, the clavise deadline is canceled. New draft deadline runs from the point of time subdirection of justification or visibility has come forward to the person or otherwise has been made familiar with it. In cases where the lawyer has reviewed the case, new clavisage is running from the day the council from the lawyer has come forward to the person.
| 0 | Added by law 17 June 2005 # 81 (ikr. 1 jan 2006 ifg. res. 21 des 2005 # 1605) |
The king can provide regulations on the creation of a central register for trust decisions.
National security authority determines filler regulations on labor security, herunder about
| a. | security clearance of specific categories personnel, including conservation, conservation personnel in the defense, |
| b. | archiving, retention and shipment of documents in clear and personal control cases, and |
| c. | the preservation of security talks. |
| 0 | Endres by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
By security gratification acquisitions, a security agreement is to be obtained between the acquisition authority and the supplier. Security agreement shall be reached before the supplier can access screen-worthy information. Security agreement with foreign providers can only be reviewed for approval by the National Security Authority. National security authority may also determine that security agreement should also be made if the supplier will be able to access screen-worthy object or if for other reasons is necessary to safety the acquisition.
The security agreement shall determine further details of responsibility and duties by the provisions of the Act here, herunder the
| a. | The acquisition's security degree, specified for the individual parts of the mission, |
| b. | practical review of research with the supplier and other control with this to assess the security of the company and verify that the supplier relate to the safety regulations and other duties by the law here, and |
| c. | consequences on violation of the security agreement. |
Expenses or requirements the supplier had to have to fulfill the provisions of or in co-compliance with the law here and signed the security agreement, the acquisition authority and National Security authority are unrelated, unless otherwise expressly agreed to The security agreement.
Before a vendor can access screen-worthy information security-graded KONFIDENSIELT or higher, or if for other reasons is deemed necessary, the provider shall have valid vendor clearance for the stated security degree. The provider clearance applies to the individual mission. National security authority is the trust authority.
Vendor trust shall not be given if there is reasonable doubt about the supplier's security figure. By decision of security-wise figure, it shall only be placed emphasis on relationships that are relevant to assessing the supplier's ability and will to exercise preventative security service by the provisions of the Act here. In assessment, the personnel control of people in the supplier's rule and management is to be made.
The supplier shall provide any information that is believed to be of importance to the trust question.
The vendor shall without due to stay orient National Security authority on changes in rule or management, change in the ownership structure, movement of locations and equipment, opening of debt negotiation or motion for bankruptcy and other conditions that may have meaning for the supplier's security figure. Asses such conditions to represent a security risk and the risk cannot be eliminated through exercising preventive security service, the National Security Authority can revoke the supply clearance. Screen worthy of information or object cannot be transferred to new owner or a cut in the housing of debt negotiation or bankruptcy, unless the National Security Authority has consented to this.
By the way, the rules apply in chapter 6, therunder the rules of justification and complaint, as far as they fit.
| 0 | Endres by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
The king can provide filler regulations on security-graded acquisitions, as well as determine particular rules for the completion of international security grappling acquisitions.
| 0 | Added by law 12 aug 2016 # 78 (ikr. from the time the King decides). |
Preventative Security Service in co-compliance of the law here is subject to control and supervision of the Parliament's Control Committee for the Intelligence, monitoring and security service, in accordance with the provisions of the Law of 3. February 1995 # 7 about control with the intelligence, monitoring, and security service.
The king can establish prefered arrangements to control and lead supervision with National Security Authority and other businesses preventive security service, in the intention to impose the exercise held within the frame of current law, administrative or military directives and illegality attached right, or to make sure that legal security and other consideration are being looked after.
The as intentional or negligent provision given in or in co-hold of Section 5, 10, 12 other joints, 13 first and fourth joints and fourth joints and 17 in the law here, or overtakes granted by the National Security Authority in co-hold of Section 9 first clause letter c in the law here, punishable by fines or jail until six months, if not the relationship goes in under a stricter penalty determination.
The act of which intentional or coarse negligent is second-clause the first period of the law here, punishable by fines or imprisonment until six months, if not the relationship goes in under a stricter penalty.
The act of intentional or aggravated negligent-bound confidentiality after Section 12 first clause is punishable by fines or imprisonment until one year, if not the relationship goes in under a harsher penalty determination.
The one that overtakes the ban with home in Section 18 is punishable by fine or prison until 1 year, if not the relationship goes in under a harsher penalty determination.
Attempts are punishable in the same way.
| 0 | Modified by law 19 June 2015 # 65 (ikr. 1 oct 2015). |
This law takes effect from the time the King decides.
| 0 | The law went on ir. 1 July 2001 ifg res. 29 June 2001 No. 720. |
From the time the law takes effect, the following changes are made in other laws :---
Part Article
