RS 121.2 Order of 8 October 2014 on the Information Systems of the Confederation Intelligence Service (OSI-SRC)

Original Language Title: RS 121.2 Ordonnance du 8 octobre 2014 sur les systèmes d’information du Service de renseignement de la Confédération (OSI-SRC)

121.2

Information Systems Order of the Federal Intelligence Service

(OSI-SRC)

Of 8 October 2014 (Status as of 1 November 2014)

The Swiss Federal Council,

Having regard to art. 5, para. 4, and 6l of the Federal Law of 3 October 2008 on Civil Intelligence (LFRC) 1 , and to art. 10a, para. 5, 15, para. 3 and 5, and 30 of the Federal Act of March 21, 1997, instituting measures for the maintenance of domestic security (SIMA) 2 ,

Decrees:

Section 1 Purpose and Definitions

Art. 1 Purpose

This order regulates the operation, content and use of the following information systems of the Confederation Intelligence Service (CBC):

A.
External Security Information System (ISAS);
B.
Internal Security Information System (ISIS);
C.
Electronic Situation Reporting System (PES);
D.
Computer module P4 (module P4);
E.
CBC's business management system (GEVER SRC);
F.
ROSO intermediate storage space.

Art. 2 Definitions

In this order, the following means:

A.
Data: Information recorded in written, visual or audio form in the CBC's information systems;
B.
Object: Grouping of data relating to a person, organization, thing or event;
C.
Documentary source: Product of the structured entry of original documents in ISAS or ISIS;
D.
Relationship: Link between objects or between objects and a documentary source;
E.
Data block: A set of data about an object;
F.
Original document: Document available in electronic form in read-only mode;
G.
Third parties: A person or organization that is of significance to the duties that SIMA provides to the CBC only through its link to an object and marked as such in ISIS;
H.
Brief consultation: Limited online consultation of ISAS or ISIS by external services via the index to determine whether an individual or organization is included in one of these information systems;
I.
SRCant: Cantonal intelligence services;
J.
SRCant consultation: Limited online consultation of ISAS or ISIS by the SRCant responsible for carrying out SIMA through the index to determine whether an individual or organization is included in one of these information systems or to read the data entered on the basis of original documents entered by SRCant in ISAS or ISIS.

Section 2 General provisions

Art. 3 Permissions

1 The user who has the right to access an information system of the CBC only has access to the data it needs to perform the tasks assigned to it by the law.

2 The appropriate head of the CBC or his or her alternate shall decide on individual requests for access rights.

3 The SRC is responsible for implementing the access authorizations.

Art. 4 Accessing and analyzing multiple systems

1 Users of the CBC information systems can simultaneously access all of the CBC's information systems within the limits of their access rights. To this end, they have an appropriate research and distribution function.

2 Users can establish a relationship between the ISAS and ISIS information sources and an individual object to allow analysis across multiple systems.

Art. 5 Data Entry

1 Original documents can be entered by optical character recognition.

2 Original documents entered in electronic form do not need to be retained on paper.

Art. 6 Transmission of personal data

1 The CBC may transmit personal data which is processed in its information systems to the authorities and offices listed in Annex 3 of the Order of 4 December 2009 on the Federal Intelligence Service (OSRC) 1 for the purposes and under the conditions set out therein.

2 The following provisions govern the transmission of personal data to a foreign service:

A.
Art. 6h and 6i LFRC for information on foreign countries;
B.
Art. 17, para. 3 to 5, SIMA for information on Switzerland.

3 It is forbidden to transmit data when overriding public or private interests are opposed.

4 During each transmission, the CBC shall inform the addressee of the evaluation and the timeliness of the data transmitted.

5 It informs the recipient:

A.
For what purpose the recipient may use the data, any other use being excluded;
B.
That it reserves the right to ask the recipient to inform it of the use made of the data.

Art. 7 Clearing the data

1 The data shall be deleted within three months of the expiry of their retention period laid down in Art. 19, 26, 31, 36, 40 and 44.

2 In ISAS and ISIS, clearing the last referenced document source causes the object to be deleted.

3 In ISAS, the original document is deleted at the latest by the expiry of the retention period.

4 In ISIS, clearing the last document source causes the referenced original document to be deleted.

5 The deleted data is transferred to an archive module.

Art. 8 Data security

1 The following provisions govern data security:

A.
Art. 20 of the Order of 14 June 1993 on the Federal Data Protection Act 1 ;
B.
The December 9, 2011, order on information technology in the federal government 2 ;
C.
The order of 4 July 2007 concerning the protection of information 3 ;
D.
Federal Council guidelines of 14 August 2013 on the security of ICT in the federal government 4 .

2 The CBC specifies in processing regulations:

A.
Organisational and technical measures against unauthorised processing of data;
B.
How to automatically log data processing.

1 RS 235.11
2 RS 172.010.58
3 RS 510.411
4 The guidelines are available on the website of the Confederation Information Technology Unit at the following address: www.upic.admin.ch > Topics > Security > Security bases > Computer security guidelines.

Art. ROSO Portal

The CBC operates a portal that compiles data from publicly available information sources (open source access portal, ROSO portal).

Art. 10 SiLAN network

1 The CBC operates a secure computer network (SiLAN network) separated from other computer networks.

2 It operates its information systems, manages file classification and operates the CBC intranet system in the SiLAN network; the ISAS index and the ISIS index, as well as the PES, are not operated in the SiLAN network, in order to ensure access by external authorities.

3 All classified data can be processed in the SiLAN network, regardless of their classification level.

4 Only the collaborators of the SRC, of the Intelligence Service Surveillance of the Federal Department of Defence, Protection of Population and Sport (DDPS), of the Army Intelligence Service and of the information and communication technology service provider (ICT provider) of the CBC who have been given the necessary rights have access to the SiLAN network. The representatives to whom the aforementioned services have given a right of access shall be subject by analogy to the same conditions of use.

Art. 11 Data transmission outside of the SiLAN

1 The transmission of data outside the SiLAN network is governed by the order of 4 July 2007 concerning the protection of information 1 .

2 The Confederation funds the transmission of data to a central point of connection for the cantons.

3 The cantons are responsible for:

A.
The acquisition and maintenance costs of their equipment;
B.
The costs of installing and operating their fine distribution network.

Art. 12 Technical Requirements

1 The RFSP determines the technical requirements that user terminals must meet. External authorities are only connected to the network when their terminals meet these requirements.

2 The CBC sets the terms and conditions for each information system in processing regulations.

Art. 13 Responsibilities and Skills

1 The CBC is responsible for its information systems.

2 The SRC's application management and quality assurance services are responsible for the training and technical support of the users of the CBC's information systems. These services ensure the implementation of the processing regulations.

3 The CBC's ICT provider is responsible for the technical operation, maintenance and security of the information systems referred to in art. 1, let. a, b and d to f. The ICT provider of the National Central Alarm is responsible for the technical operation, maintenance and security of the PES.

4 The service responsible for quality assurance checks the legality of the processing of data entered in the information systems referred to in Art. 1, let. C to f, its adequacy, effectiveness and accuracy. It carries out this control at least once a year for each information system according to a control plan.

Art. 14 Right of access to data concerning his or her own person

The following provisions govern the right of persons to access data concerning them:

A.
For data recorded in ISAS, in PES, in module P4, in GEVER SRC or in ROSO intermediate storage, s. 8 and 9 of the Federal Act of 19 June 1992 on Data Protection 1 ;
B.
For data recorded in ISIS, art. 18 LMSI.

Section 3 Specific provisions applicable to ISAS

Art. 15 Structure

The structure of ISAS is based on art. 6e LFRC.

Art. 16 Data

1 The content of ISAS is based on art. 6c LFRC.

2 Objects and documentary sources can be visually presented and this visual presentation can be recorded.

3 Annex 1 lists the personal data catalogue.

4 The DDPS defines the data fields.

5 The index contains data relating to all persons and organisations relevant to the tasks to be performed by external users of ISAS, subject to data which cannot be recorded for reasons of source protection.

6 The index contains classified data up to the CONFIDENTIAL level.

Art. 17 Data Entry

The CBC staff responsible for capturing the data assess the relevance and accuracy of the personal data to be captured.

Art. 18 Periodic monitoring of personal data

1 The CBC staff responsible for entering data periodically control the blocks of data contained in ISAS which contain objects relating to individuals or organizations.

2 To this end, they carry out the following tasks:

A.
They assess, in light of the current situation, whether the blocks of data are still useful for performing the tasks that art. 1, let. a, LFRC assigns to the CBC;
B.
They erase data that the CBC no longer requires;
C.
They correct, mark or erase data that is inaccurate;
D.
They record the execution and result of the control.

3 Periodic monitoring occurs whenever a block of data is completed. The following maximum time limits apply to data from the following areas:

A.
International terrorism: at most 10 years after the entry of the object or the last periodic inspection;
B.
Espionage or the dissemination of weapons of mass destruction: 15 years after the entry of the object or the last periodic inspection;
C.
Other important safety policy information: 20 years at most after the entry of the object or the last periodic inspection.

4 The service responsible for ensuring quality ensures compliance with paras. 2 and 3 by providing in-house training and regular checks. It carries out these checks at least once a year according to a control plan.

Art. 19 Retention Period

1 The following retention periods are applicable to documentary sources recorded in ISAS:

A.
For data from the field of international terrorism: 30 years or more;
B.
For data originating from the espionage and dissemination activities of weapons of mass destruction: 45 years or more;
C.
For other important safety policy information: 45 years or more.

2 The retention period for original documents is 45 years.

Art. Permissions

1 Access rights are governed by art. 6f LFRC.

2 The cantonal security bodies have online access to the index through the SRCant consultation to carry out the tasks that SIMA assigns to them.

3 Schedule 2 sets out the individual access rights.

Section 4 Specific provisions applicable to ISIS

Art. Structure

1 ISIS includes:

A.
A filing system for the entry and consultation of the data referred to in s. 22, para. 1;
B.
A system for analysing and monitoring the situation for the capture and processing and analysis of data in several systems;
C.
An index to determine whether the CBC is processing data relating to an individual or organization in this information system.

2 The DDPS defines the data fields.

Art. Data

1 ISIS contains data necessary to carry out the domestic security intelligence tasks under SIMA.

2 It contains data concerning natural and legal persons, organisations, objects and events.

3 It can also contain sensitive data and personality profiles.

4 Annex 1 lists the personal data catalogue.

5 The index contains data on all persons and organizations relevant to the tasks that external users of ISIS must perform, subject to data that cannot be recorded in the index for reasons of source protection.

6 The index contains classified data up to the CONFIDENTIAL level.

Art. Data Entry

1 The CBC staff responsible for entering data input the information into ISIS. Prior to the entry of new information, they are required to assess whether this information confirms or negates the relevance of the person or organization concerned in performing the intelligence tasks that SIMA assigns to the CBC.

2 Collaborators assess, on the basis of the source, type of transmission, content and information available, whether the data are reliable or uncertain, and mark them accordingly.

3 The data are entered provisionally and are marked accordingly.

4 Objects and documentary sources can be visually presented and this visual presentation can be recorded.

5 Data relating to persons or organizations contained in the original documents may be reused only when an object concerning the person or organization in question has been established.

Art. 24 Control of input

1 The quality assurance service verifies that the data has been entered legally. For this purpose, it shall, in particular, assess whether their relevance is sufficient, whether the processing restrictions referred to in Art. 3 SIMA have been complied with and whether the evaluation of the data is accurate.

2 It confirms the definitive entry of these data by marking them accordingly.

3 It erases the data that it has not confirmed.

Art. 25 Periodic global assessment of data

1 The quality assurance service shall carry out an overall assessment of the data block no later than five years after the entry of the relevant article. It then proceeds to an overall assessment of the data block every three years at least.

2 It verifies, in light of the existing hazards and risks, whether the data block is still required to maintain domestic security and to perform other intelligence tasks that SIMA assigns to the CBC. It clears the data that the CBC no longer needs.

3 Data marked as uncertain for more than three years can only continue to be used up to the next global assessment if the following conditions are met:

A.
They are necessary for the performance of the duties that the Act assigns to the CBC;
B.
The Director of the CBC or his or her alternate shall give the authorization.

4 The service responsible for ensuring quality notes on the blocks of data which can continue to be used that it has carried out their overall assessment.

5 Objects marked for more than three years as data relating to third parties are deleted at the global assessment.

Art. 26 Retention Period

1 Documentary sources recorded in ISIS may be retained for up to 15 years, subject to para. 2.

2 The following retention periods apply to the following documentary sources recorded in ISIS:

A.
For documentary sources containing data relating to programmes of preventive research in progress: 20 years or more;
B.
For documentary sources containing data on entry prohibitions: at least 10 years after the expiry of the ban, but not more than 35 years;
C.
For documentary sources containing data in the field of espionage: 45 years or more;
D.
For documentary sources containing data from publicly available sources: 45 years at most.

Art. 27 Duration of retention of data from the SRCant

1 CERS may retain for up to five years the data they have entered under SIMA in the course of their intelligence work for the Confederation.

2 At the end of this period, they are required to destroy this data.

Art. 28 Permissions

1 CBC collaborators have online access to the data contained in ISIS.

2 The following authorities have online access to the index as follows:

A.
The security bodies of the cantons to perform the tasks that SIMA assigns to them: consultation SRCant;
B.
The Federal Police Office to carry out security, judicial and administrative police tasks and to verify suspicions of money laundering or terrorist financing during communications by Swiss financial institutions: Brief consultation;
C.
Federal services responsible for carrying out security checks on persons: brief consultation.

3 Schedule 2 sets out the individual access rights.

Section 5 Specific provisions applicable to PES

Art. Purpose and Structure

1 The NEP is an on-line information system for the presentation, evaluation and analysis of the internal and external security situation and security policy measures.

2 It consists of the following records, which contain the following data:

A.
"Events": data relating to events processed by information networks;
B.
"Federal Situation Centre": periodic status reports, followed by the situation and documentation;
C.
"CBC": data from the journal maintained by the CBC's permanent services.

Art. Data

1 The PES contains:

A.
Data describing an event;
B.
Information on the piloting and implementation of security policy measures and on measures taken to maintain internal or external security.

2 Annex 3 lists the personal data catalogue.

Art. Retention Period

The retention period of the data contained in the PES and the original documents relating thereto shall be no more than three years.

Art. 32 Permissions

1 The authorities and offices referred to in Annex 3 OSRC 1 have access to the PES for the purposes and under the conditions set out therein.

2 In the event of an event involving an increased security risk, the Director of the CBC may grant private services and foreign security and police authorities access to certain contents of the PES for a limited period of time if one of the following conditions is met:

A.
These authorities or services are directly or indirectly affected by the event;
B.
The information or knowledge of these authorities or services may contribute to a better presentation and assessment of the situation;
C.
These authorities or services are involved in the piloting or implementation of security policy measures.

3 The CBC may ask the authorities and services referred to in para. 1 to inform it of the use made of the data.

4 Appendix 4 sets out the individual access rights.


1 RS 121.1

Section 6 Specific provisions for the P4 module

Art. 33 Purpose and Structure

1 The P4 module is an information system which allows the processing and analysis of information about the entry into or exit from Swiss territory of nationals of certain foreign countries.

2 It consists of a classification system for the entry and consultation of data transmitted to the CBC by the customs control bodies.

Art. 34 Data

1 Module P4 contains the following data:

A.
The identity of the persons concerned;
B.
The photo and other data on the identity document;
C.
Data from customs controls.

2 Annex 5 lists the personal data catalogue.

Art. 35 Permissions

1 The CBC's collaborators have on-line access to the data contained in Module P4.

2 The staff of the SRC responsible for the research programme to process and analyse the entry into and exit from Swiss territory of nationals of certain foreign countries may, in addition, enter, amend or delete data in Module P4, provided that the performance of the tasks assigned to them by law so requires.

3 The DDPS intelligence monitoring collaborators have online access to the data contained in Module P4 for the duration of their inspections.

4 Annex 6 sets out the individual access rights.

Art. 36 Retention Period

The retention period for the data contained in Module P4 and the original documents relating to it is not more than five years.

Section 7 Special provisions applicable to GEVER SRC

Art. Exploitation and Purpose

1 The CBC operates in the SiLAN network the GEVER SRC information system, which enables the management, processing and control of mandates and cases.

2 Notwithstanding s. 12, para. 2 and 3, of the GEVER order of 30 November 2012 1 , data classified CONFIDENTIAL and SECRET can be recorded in GEVER SRC without being encrypted.


Art. 38 Data

1 GEVER SRC contains:

A.
Data for administrative management of cases;
B.
Information necessary for the control of cases in the field of security controls relating to persons;
C.
All products transmitted outside the CBC by the CBC;
D.
Data on material that promotes racism or violence, for the control of cases by the documentation service;
E.
Data for the control of radio exploration cases.

2 To the extent that source protection is guaranteed, the data used to establish the contents referred to in para. 1, let. A to c, can also be processed for five years in GEVER SRC.

Art. 39 Permissions

1 The employees of the CBC may consult, enter, modify and delete data in GEVER SRC, provided that the performance of the tasks assigned to them by law so requires.

2 Annex 7 sets out the individual access rights.

Art. 40 Retention Period

The following retention periods apply to the data contained in GEVER SRC:

A.
15 years or more for data intended for the control of radio exploration affairs;
B.
No more than 45 years for other data.

Section 8 Special provisions applicable to the ROSO intermediate storage area

Art. Purpose

The ROSO intermediate storage space is an information system that allows for the evaluation of large amounts of data.

Art. Data

1 The ROSO intermediate storage space contains data from publicly available information sources.

2 Annex 8 lists the personal data catalogue.

Art. 43 Permissions

1 The staff of the SRC can access, enter, modify or delete data stored in the ROSO intermediate storage space, provided that the performance of the tasks that the law assigns to them so requires.

2 The DDPS intelligence monitoring collaborators have online access to the data contained in the ROSO intermediate storage space for the duration of their inspections.

3 Annex 9 sets out the individual access rights.

Art. 44 Retention Period

The data contained in the ROSO intermediate storage space can be kept for as long as the evaluation requires it, but for no more than six months.

Section 9 Final provisions

Art. 45 Repeal of another act

The Order of 4 December 2009 on the information systems of the Federal Intelligence Service 1 is repealed.


1 [ RO 2009 7041 , 2011 6081 , 2013 4359]

Art. Amendment of another Act

... 1


1 The amendments can be viewed at RO 2014 3231.

Art. Entry into force

This order shall enter into force on 1 November 2014.

Annex 1

(art. 16, para. 3, and 22, para. 4)

Catalog of personal data contained in ISAS and ISIS

1.
Name
2.
First Name
3.
Date of birth
4.
Nationality
5.
Gender
6.
Civil Status
7.
Place of Origin
8.
Physical description (distinguishing marks, height, colour of eyes, skin and hair)
9.
Photograph
10.
Ethnicity
11.
Religion
12.
Political/ideological orientation
13.
Occupation/training/activities
14.
Address
15.
Identification and identification numbers
16.
Identity of reference persons/family members
17.
Means of transport and licence plate numbers
18.
Means of communication and data on telecommunications connections
19.
Geographic Information (GIS, Geographic coordinates)
20.
Event (description)
21.
Purpose (description, numbers)
22.
Multimedia data (visual and sound recordings)
23.
Medical Data

Status on November 28, 2014

Annex 2

(art. 20, para. 3, and 28, para. 3)

Access rights to ISAS and ISIS

Function | ISIS/ISAS | ISIS/ISAS index
SRC Application Manager (technical) | A | A
SRC Administrator (technical) | A | A
CBC Archivist | E | L
SRC Domain Manager | X | L
SRC Data Manager | S | L
Data/triage person and the ComCenter SRC | X | L
People capturing data from the SRC assessment | X | L
People capturing cyber/collaborators data for control DJIMON SRC | X | L
People entering information about searching for information | X | L
Person capturing data at the Federal Situation Centre | X | L
Contributor to the CBC Quality Service | Z | L
Other CBC collaborators who need these data to perform the duties that the law assigns to them | L | L
Contributor to the CBC Security Service | S | L
SRCant | - | L
Security of Information and Objects, Federal Chancellery, Federal Office of Police | - | L

Legend

A = administrator privileges

E = read, modify, enter

L = read

S = read, statistics, audit

X = read, modify, enter, erase

Z = read, modify, enter, erase, statistics, audit


Status on November 28, 2014

Annex 3

(art. 30, para. 2)

PES Personal Data Catalogue

1.
Description of the event (who, what, when and where).
2.
Identity (name, first name, date of birth, nationality) of the persons who participated in the event.
3.
Description (who, what, when and where) of the planned measures and the measures implemented to control the event.
4.
Identity (surname, given name, date of birth, nationality) of the persons who participated in the measure.

Status on November 28, 2014

Annex 4

(art. 32, para. 4)

Rights of access to PES

Function | Events | Situation Reports | SRC PES
Person capturing data at the Federal Situation Centre | X | X | X
Other CBC collaborators | E | E | E
Authorities as per Annex 3 OSRC 1 | E | E | -
SRC Administrator | A | A | A
Contributor to the CBC Quality Service | Z | Z | Z
Contributor to the CBC Security Service | S | S | S
CBC Archivist | X | X | X

Legend

A = administrator privileges

E = read, modify, enter

L = read

S = read, statistics, audit

X = read, modify, enter, erase

Z = read, modify, enter, erase, statistics, audit



Status on November 28, 2014

Annex 5

(art. 34, para. 2)

Catalog of personal data contained in module P4

1.
Name, first name, date of birth, nationality
2.
ID number, visa number, validity date
3.
Photograph on ID
4.
Place, date and description of customs control

Status on November 28, 2014

Annex 6

(art. 35, para. 4)

P4 Access Permissions

Function | Access right
SRC Administrator | A
P4 SRC Specialist Service Contributor | X
CBC Foreigner Service Collaborator | L
Collaborator Research Internal and External Security SRC | L
SRC Analyst | L
Federal Situation Centre Collaborator | L
Contributor to the CBC Security Service | S
Contributor to the SD Monitoring Service | L*
CBC Archivist | X

Legend

A = administrator privileges

X = read, modify, enter, erase

L = read

S = read, statistics, audit

* only for the duration of inspection


Status on November 28, 2014

Annex 7

(art. 39, para. 2)

GEVER SRC Permissions

Function | Access right
SRC Administrator | A
CBC staff | X
Contributor to the CBC Security Service | S
CBC Archivist | X

Legend

A = administrator privileges

X = read, modify, enter, erase

S = read, statistics, audit


Status on November 28, 2014

Annex 8

(art. 42, para. 2)

Catalog of personal data contained in ROSO intermediate storage

1.
Identity data (surname, given name, date of birth, nationality, sex, occupation)
2.
Personal data of any type published on the Internet

Status on November 28, 2014

Annex 9

(art. 43, para. 3)

ROSO Intermediate Storage Authority

Function | Access right
SRC Administrator | A
CBC Archivist | X
SRC Contributor | X
Contributor to the CBC Security Service | S
Contributor to the SD Monitoring Service | S*

Legend

A = administrator privileges

X = read, modify, enter, erase

S = read, statistics, audit

* only for the duration of inspection


Status on November 28, 2014