Visits involving access or potential access to information classified CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET shall be subject to the following procedure:
(a) the security officer of the facility sending the visitor shall complete all relevant parts of the RFV form (Appendix C) and submit the request to the facility's NSA/DSA;
(b) the sending facility's NSA/DSAneeds to confirm the visitor's PSC before submitting the RFV to the host facility's NSA/DSA (or to the Commission security authority if the visit is to Commission premises);
(c) the security officer of the sending facility shall then obtain from its NSA/DSA the reply of the host facility's NSA/DSA (or the Commission security authority) either authorising or denying the RFV;
(d) an RFV is considered approved if no objections are raised until five working days before the date of the visit.]
[25.
Before giving the visitor(s) access to information classified CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET, the host facility must have received authorisation from its NSA/DSA.]
[26.
Visits involving access or potential access to information classified CONFIDENTIEL UE/EU CONFIDENTIAL or SECRET UE/EU SECRET shall be arranged directly between the sending and receiving establishments (an example of the form that may be used for this purpose is provided in Appendix C).]
27.
Visitors must prove their identity on arrival at the host facility by presenting a valid ID card or passport.
28.
The facility hosting the visit must ensure that records are kept of all visitors. These must include their names, the organisation they represent, the date of expiry of the PSC (if applicable), the date of the visit and the name(s) of the person(s) visited. Without prejudice to European data-protection rules, such records are to be retained for a period of no less than five years or in accordance with national rules and regulations, as appropriate.
ASSESSMENT VISITS
29.
The Commission security authority may, in cooperation with the relevant NSA/DSA, conduct visits to contractors' or subcontractors' facilities to check that the security requirements for handling EUCI are being complied with.
SECURITY CLASSIFICATION GUIDE
30.
A list of all the elements in the contract which are classified or to be classified in the course of the performance of the contract, the rules for so doing and the specification of the applicable security classification levels are contained in the security classification guide (SCG). The SCG is an integral part of this contract and can be found in Appendix B to this Annex.
(1) The contracting authority should insert the references once the implementing rules have been adopted.
(2) The contracting authority should insert the references once the implementing rules have been adopted.
(3) The party undertaking the accreditation will have to provide the contracting authority with a statement of compliance, through the Commission security authority, and in coordination with the relevant national security accreditation authority (SAA).
(4) The contracting authority should insert the references once the implementing rules have been adopted.
(5) The contracting authority should insert the references once the implementing rules have been adopted.
Appendix B
SECURITY CLASSIFICATION GUIDE
[specific text to be adjusted depending on the subject of the contract]
Appendix C
REQUEST FOR VISIT
Feedback