Law 11/2007 of June 22, of Electronic Access of Citizens to Public Services, establishes that the Public Administrations will use the information technologies, ensuring availability, access, integrity, authenticity, confidentiality and the preservation of the data, information and services that they manage in the exercise of their powers.

at the same time, the use of such information technologies must be adjusted to the principle of security in the implementation and use of electronic means, in the light of which at least the same level of guarantees and security that is required for the use of non-electronic means in the administrative activity. Security conceived as an integral activity, in which no specific actions or short-term treatments can be performed.

Article 42 of the Law on the Electronic Access of Citizens to Public Services, marks the policy of security in the use of electronic means by Public Administrations, through the creation of of the National Security Scheme, which lays down the basic principles and minimum requirements for adequate protection of the information of the Administration.

The purpose of the National Security Scheme, developed by RD 3/2010, of 8 January, and amended by RD 951/2015 of 23 October, is the creation of the necessary conditions of trust in the use of the media electronic, through measures that guarantee the security of systems, data, communications and electronic services. It seeks to establish the confidence that information systems will provide their services and will preserve information, in accordance with their functional specifications, without any interruptions or modifications beyond control and without the information can reach the knowledge of unauthorized persons.

To this end, among the minimum security requirements established by the National Security Scheme itself is the Activity Register, which collects the minimum data necessary to manage the security measures of the systems. The data collected shall be accessible only by authorised persons, with the possibility of requiring time restrictions and optional access points.

The Register of Activity must preserve with full guarantees the right to honor, personal and family intimacy and the image of those affected. In this regard, Article 18.4 of the Constitution sets out the need to set limits on the use of computer science to ensure the personal and family honor and privacy of citizens and the full exercise of their rights.

At the same time, the information processed within these activity records must be protected and protected taking into account the criteria, requirements and obligations stipulated by the Organic Law 15/99 of 13 December 2001. Protection of Personal Data and its RD 1720/07 of 21 December, for which the regulation of the development of the said Organic Law is adopted.

This provision has been informed by the Spanish Data Protection Agency, in accordance with the provisions of Article 37.1h of the Organic Law 15/99 of 13 December on the Protection of Data of Character Staff.

For all that antecedé and in its virtue, in order to comply with the aforementioned legal mandates and to guarantee the exercise of constitutional rights, I have:

Article 1. Creation of the Information Systems Activity Records File of the Ministry of Foreign Affairs and Cooperation.

In accordance with the provisions of Article 20.1 of the Organic Law 15/99 of 13 December, the Protection of Personal Data and Article 52 of RD 1720/07 of 21 December 2001, which adopted the Development of Organic Law 15/99 of 13 December on the Protection of Personal Data, the file Records of Information Systems Activity of the Ministry of Foreign Affairs and Cooperation, which is related to Annex I, is created. of this Order.

Article 2. Holder of the Information Systems Activity Records file.

The holder of the file corresponds to the Undersecretary of the Ministry of Foreign Affairs and Cooperation, who will ensure that the necessary technical and organizational measures are taken to protect the security, integrity and confidentiality of the personal data, and the drivers to make effective the guarantees, obligations and rights recognized in the Organic Law 15/1999, of December 13, and in Royal Decree 1720/2007, of 21 December, which develops This Law.

Article 3. Access rights, rectification, cancellation and opposition.

The exercise of the rights of access, rectification, cancellation and opposition recognized to those affected by the Organic Law 15/1999, of 13 December, of protection of Personal Data, will be carried out according to the In the same and in Royal Decree 1720/2007, of 21 December, for which the regulation of the development of the Organic Law 15/1999, of 13 December, of Protection of Data of Personal Character is approved.

Single end disposition. Entry into Vigor.

This Order shall enter into force on the day following that of its publication in the Official Gazette of the State.

Madrid, May 23, 2016. -Minister of Foreign Affairs and Cooperation, José Manuel García-Margallo Marfil.

ANNEX I

Creating the Information Systems Activity Records File

1. File name:

Information Systems Activity Records.

2. Intended purpose and uses:

Inventory, management, and administration of information systems users. Analysis of activity records generated by the Ministry of Foreign Affairs and Cooperation's own information and communications systems, in order to manage events relevant to the security of information. Verification of compliance with the security framework of the Ministry of Foreign Affairs and Cooperation.

3. Data Source:

Collective of persons on whom it is intended to obtain data or to be obliged to supply it: Personnel of the Ministry of Foreign Affairs and Cooperation, and external contributing staff. Source: The person concerned.

Personal Data Collection Procedure: Data provided by the data subject.

4. Basic file structure:

Detailed Data Description: Name and Last Name, DNI, Electronic Certificate, IP, Single User Identifier on Systems, Job Position Identification, Assigned Permissions, Operations, Dates, and Time access to systems and networks.

Treatment system used: Automated.

5. Expected data communications:

Not expected.

6. International data transfers:

Not expected.

7. Body responsible for the file:

Undersecretary for Foreign Affairs and Cooperation. General Directorate of the External Service-General Sub-Directorate of Informatics, Communications and Networks.

8. Area to which the rights of access, rectification, cancellation and opposition can be exercised:

Undersecretary for Foreign Affairs and Cooperation. Plaza de la Provincia 1, CP. 28012 Madrid.

9. Security Level:

In compliance with the provisions of Title VIII of Royal Decree 1720/2007 of 21 November, approving the Regulation on the Development of Organic Law 15/1999 of 13 December on the Protection of Data of Character Personnel, Medium-level security measures will be applied to this file.